[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#656815: pu: package mediawiki/1:1.15.5-2squeeze3

Hi Jonathan.

Jonathan Wiltshire <jmw@debian.org> (21/01/2012):
> Package: release.debian.org
> Severity: important
> User: release.debian.org@packages.debian.org
> Usertags: pu
> (severity important because of the regression)
> Testing has shown that the fix for CVE-2011-4360 introduces a regression:
> in some situations, an error is returned instead of a login prompt. Moreover,
> the Debian package seems not to disclose information as described by the CVE.

So we had “with no ill-effects” when the patch was introduced, and now
we have “no info disclosure”. Will we get an update to re-enable the
patch soon? ;-)

> For this reason I would like to get a fix into this point release
> rather than waiting for the next. I realise the window technically
> closes this weekend and I'm sorry for the late notice.

I guess the difficult part (on the timing side) might be
mediawiki-math's being arch:any?


Attachment: signature.asc
Description: Digital signature

Reply to: