Bug#656815: pu: package mediawiki/1:1.15.5-2squeeze3
tag 656815 + squeeze confirmed
On Sat, 2012-01-21 at 22:28 +0000, Jonathan Wiltshire wrote:
> Testing has shown that the fix for CVE-2011-4360 introduces a regression:
> in some situations, an error is returned instead of a login prompt. Moreover,
> the Debian package seems not to disclose information as described by the CVE.
mediawiki, how we love thee.
> For this reason I would like to get a fix into this point release rather
> than waiting for the next. I realise the window technically closes this weekend
> and I'm sorry for the late notice.
> Debdiff attached, it's a one line change that just disables the patch in the
> quilt series file.
Please go ahead; thanks.