Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

To: Ronny Adsetts <ronny.adsetts@amazinginternet.com>
Cc: Axel Beckert <abe@deuxchevaux.org>, debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 18 Mar 2008 21:02:52 +0100
Message-id: <[🔎] 87zlsvajgz.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 47DFD9A4.7030401@amazinginternet.com> (Ronny Adsetts's message of "Tue, 18 Mar 2008 15:03:00 +0000")
References: <87bq5df51e.fsf@mid.deneb.enyo.de> <[🔎] 20080318091241.GH30385@sym.noone.org> <[🔎] 47DF92B2.1070102@amazinginternet.com> <[🔎] 20080318145601.GI30385@sym.noone.org> <[🔎] 47DFD9A4.7030401@amazinginternet.com>

* Ronny Adsetts:

> My understanding is that the security team don't generally provide
> updates for unstable. The DSA simply notes the unstable version in
> which the security hole was fixed.

Exactly, I looked at our records (and the ikiwiki homepage), and listed
the version that was reported there.

ikiwiki is a native packge (no "-" in the version number), and we took
too much time to process the update even though it was available (sorry
about that), that's why there appears to be a large discrepancy between
the reported version number and the current version in sid.  However,
this must have already happened in the past, when the security impact of
a change was discovered only afterwards.

Reply to:

References:
- Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
  - From: Axel Beckert <abe@deuxchevaux.org>
- Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
  - From: Ronny Adsetts <ronny.adsetts@amazinginternet.com>
- Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
  - From: Axel Beckert <abe@deuxchevaux.org>
- Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
  - From: Ronny Adsetts <ronny.adsetts@amazinginternet.com>

Prev by Date: Re: [Sysadmins] [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities
Next by Date: Re: [Sysadmins] [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
Next by thread: Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting
Index(es):
- Date
- Thread