[Pkg-mediawiki-devel] Bug#650434: mediawiki: two security issues (fixed in 1.17.1)

Jonathan Wiltshire jmw at debian.org
Mon Dec 5 22:22:11 UTC 2011


On Tue, Nov 29, 2011 at 07:38:46PM +0100, Luciano Bello wrote:
> 	In the 1.17.1 release announce, two grave vulnerabilities have been 
> fixed:
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-
> November/000104.html
> 	Patches are included in the wikimedia bugzilla:
> https://bugzilla.wikimedia.org/show_bug.cgi?id=32276
> https://bugzilla.wikimedia.org/show_bug.cgi?id=32616
> 	Please, consider backport those patches to stable and oldstable since 
> they look affected. Coordinate with the security team a DSA release.

Please find patches attached. The upload is unstable has migrated and these
backports have had limited testing from me, as I only have a small wiki to
play with.

If you approve please allocate a DSA number and I will write up the text.

Thanks,

-- 
Jonathan Wiltshire                                      jmw at debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mw_lenny9.diff
Type: text/x-diff
Size: 3962 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20111205/41f2262d/attachment.diff>
-------------- next part --------------
 debian/patches/CVE-2011-4360.patch     |   31 +++++++++++++++++++++++++++++
 debian/patches/CVE-2011-4361.patch     |   35 +++++++++++++++++++++++++++++++++
 mediawiki-1.12.0/debian/changelog      |   10 +++++++++
 mediawiki-1.12.0/debian/patches/series |    2 +
 4 files changed, 78 insertions(+)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mw_squeeze2.diff
Type: text/x-diff
Size: 4444 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20111205/41f2262d/attachment-0001.diff>
-------------- next part --------------
 changelog                   |   10 ++++++++++
 patches/CVE-2011-4360.patch |   31 +++++++++++++++++++++++++++++++
 patches/CVE-2011-4361.patch |   35 +++++++++++++++++++++++++++++++++++
 patches/series              |    2 ++
 4 files changed, 78 insertions(+)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20111205/41f2262d/attachment.pgp>


More information about the Pkg-mediawiki-devel mailing list