[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#656815: pu: package mediawiki/1:1.15.5-2squeeze3



Package: release.debian.org
Severity: important
User: release.debian.org@packages.debian.org
Usertags: pu

(severity important because of the regression)

Testing has shown that the fix for CVE-2011-4360 introduces a regression:
in some situations, an error is returned instead of a login prompt. Moreover,
the Debian package seems not to disclose information as described by the CVE.

For this reason I would like to get a fix into this point release rather
than waiting for the next. I realise the window technically closes this weekend
and I'm sorry for the late notice.

Debdiff attached, it's a one line change that just disables the patch in the
quilt series file.

Thanks



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -Nru mediawiki-1.15.5/debian/changelog mediawiki-1.15.5/debian/changelog
--- mediawiki-1.15.5/debian/changelog	2012-01-13 10:55:12.000000000 +0000
+++ mediawiki-1.15.5/debian/changelog	2012-01-21 21:08:01.000000000 +0000
@@ -1,3 +1,10 @@
+mediawiki (1:1.15.5-2squeeze4) stable; urgency=low
+
+  * Disable CVE-2011-4360.patch, it causes ugly error messages in certain
+    situations. The CVE does not apply to this release.
+
+ -- Jonathan Wiltshire <jmw@debian.org>  Sat, 21 Jan 2012 20:59:36 +0000
+
 mediawiki (1:1.15.5-2squeeze3) stable; urgency=low
 
   * debian/patches/CVE-2012-0046.patch: security fix for unintended exposure
diff -Nru mediawiki-1.15.5/debian/patches/series mediawiki-1.15.5/debian/patches/series
--- mediawiki-1.15.5/debian/patches/series	2012-01-13 10:12:04.000000000 +0000
+++ mediawiki-1.15.5/debian/patches/series	2012-01-21 20:57:43.000000000 +0000
@@ -11,6 +11,5 @@
 CVE-2011-1579.patch
 CVE-2011-1580.patch
 CVE-2011-1587.patch
-CVE-2011-4360.patch
 CVE-2011-4361.patch
 CVE-2012-0046.patch

Reply to: