[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#656815: pu: package mediawiki/1:1.15.5-2squeeze3

tag 656815 + squeeze confirmed

On Sat, 2012-01-21 at 22:28 +0000, Jonathan Wiltshire wrote:
> Testing has shown that the fix for CVE-2011-4360 introduces a regression:
> in some situations, an error is returned instead of a login prompt. Moreover,
> the Debian package seems not to disclose information as described by the CVE.

mediawiki, how we love thee.

> For this reason I would like to get a fix into this point release rather
> than waiting for the next. I realise the window technically closes this weekend
> and I'm sorry for the late notice.
> Debdiff attached, it's a one line change that just disables the patch in the
> quilt series file.

Please go ahead; thanks.



Reply to: