[Pkg-mediawiki-devel] Bug#550940: Bug#550940: Mediawiki settings file world-readable
jmw at debian.org
Mon Jul 4 21:52:43 UTC 2011
On Mon, Jul 04, 2011 at 11:35:29PM +0200, Nico Golde wrote:
> * Ian Jackson <ijackson at chiark.greenend.org.uk> [2011-07-04 13:00]:
> > Hi, security guys. Would you care to take a look at #550940 ?
> > I think this is the kind of security problem which should perhaps
> > warrant a DSA.
> > The maintainer's response (that this is fixed in a new upstream
> > version and therefore wouldn't be fixed in squeeze) seems
> > very surprising to me.
At the time, and in the context of a deep freeze, a new upstream into unstable
would have been most unwelcome. In 1.16 upwards, generation of
LocalSettings.php is apparantly completely overhauled and fixes this bug.
Unfortunately neither I nor the rest of the team have yet had chance to
> If yes, this should get a DSA.
If you think it necessary I would not object to a DSA, though at the time I
ranked it less urgent because it's at least documented, even if not
> Kind regards
> Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
> For security reasons, all text in this mail is double-rot13 encrypted.
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the Pkg-mediawiki-devel