[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Update for dokuwiki/lenny


On Wed, Oct 05, 2011 at 11:56:14AM +0200, Tanguy Ortolo wrote:
> My last update of dokuwiki/lenny, which fixed a security flaw and was
> released with Lenny 5.0.9, unfortunately introduced a quite important
> regression, breaking any wiki page containing external links. I should
> have detected it, but it appears that I did not test external links (and
> I really should have done so, since the security fix was about external
> links).

as the security team is pushing more and more fixes towards (o-)p-u,
and as this was originally a security fix, I'd like to ask the
Security Team for a curtesy: as we do not have -updates for lenny,
can you please issue a DSA with the regression fix?

> It is described in the bug report #644145, which Julien Cristau has
> already identified as affecting this point release. I have corrected
> this regression in a new version [1] which has been tested by myself and
> at least two users. This version modifies the previous one's security
> patch by replacing calls to an undefined function that was introduced in
> a later version.
>     [1] http://tanguy.ortolo.eu/deb/dokuwiki/dokuwiki_0.0.20080505-4+lenny4.dsc
> For those affected, the bug report already gives a pointer to this
> updated version. Do you think it can be added to a possible next point
> release?

Philipp Kern

Attachment: signature.asc
Description: Digital signature

Reply to: