Re: [SRM] Permission to upload mediawiki to stable
On Sun, 2010-12-19 at 14:46 +0100, Moritz Muehlenhoff wrote:
> On 2010-12-18, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> > The security tracker seems to be somewhat confused here, fwiw -
> > http://security-tracker.debian.org/tracker/CVE-2010-164{7,8} both claim
> > that the issue was fixed in -2lenny5.
>
> The are both marked as no-dsa:
>
> CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
> - mediawiki 1.15.4-1 (bug #585918; low)
> [lenny] - mediawiki <no-dsa> (Minor issue)
> NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
> CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
> - mediawiki 1.15.4-1 (bug #585918; low)
> [lenny] - mediawiki <no-dsa> (Minor issue)
> NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
Yeah, I spotted that when looking at the tracker while checking the
request over. It just seemed odd that they were already marked as fixed
in -2lenny5 when that upload clearly didn't include the fixes.
Regards,
Adam
Reply to: