[Pkg-mediawiki-devel] Bug#650434: mediawiki: two security issues (fixed in 1.17.1)
Moritz Muehlenhoff
jmm at inutil.org
Tue Dec 6 19:01:18 UTC 2011
On Mon, Dec 05, 2011 at 10:22:11PM +0000, Jonathan Wiltshire wrote:
> On Tue, Nov 29, 2011 at 07:38:46PM +0100, Luciano Bello wrote:
> > In the 1.17.1 release announce, two grave vulnerabilities have been
> > fixed:
> > http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-
> > November/000104.html
> > Patches are included in the wikimedia bugzilla:
> > https://bugzilla.wikimedia.org/show_bug.cgi?id=32276
> > https://bugzilla.wikimedia.org/show_bug.cgi?id=32616
> > Please, consider backport those patches to stable and oldstable since
> > they look affected. Coordinate with the security team a DSA release.
>
> Please find patches attached. The upload is unstable has migrated and these
> backports have had limited testing from me, as I only have a small wiki to
> play with.
>
> If you approve please allocate a DSA number and I will write up the text.
What's the status of the following for stable?
http://security-tracker.debian.org/tracker/CVE-2011-1578
http://security-tracker.debian.org/tracker/CVE-2011-1579
http://security-tracker.debian.org/tracker/CVE-2011-1580
Otherwise, please upload. You can allocate the DSA ID yourself by running
bin/gen-DSA as outlined here and commit the new blob in data/DSA/list:
http://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecSecr
I'll take care of sending out the DSA.
Cheers,
Moritz
More information about the Pkg-mediawiki-devel
mailing list