[Pkg-mediawiki-devel] RFS: mediawiki/1:1.15.5-2squeeze4.1 [NMU] [RC]

Dominik George nik at naturalnet.de
Sat Dec 15 09:18:04 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my version 1:1.15.5-2squeeze4.1 of package 
"mediawiki". It is an upload for squeeze-security to fix the security 
issues in bug #694998. I ahve prepared a new upstream version for unstable 
which will migrate to testing shortly and I also backported the fixes to 
the version in squeeze. I have tested them in a clean squeeze chroot and 
they work fine.

Unfortunately, no-one in the pkg-mediawiki team actually seems to care for 
squeeze as, while my mail concerning unstable were answered, I 
still haven't received any comment whatsoever on the squeeze-security update
for several days.

Package name    : mediawiki
Version         : 1:1.15.5-2squeeze4.1
Section         : web

It builds those binary packages:

 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki

To access further information about this package, please visit the 
following URL:

  http://mentors.debian.net/package/mediawiki

Alternatively, one can download the package with dget using this 
command:

  dget -x http://mentors.debian.net/debian/pool/main/m/mediawiki/mediawiki_1.15.5-2squeeze4.1.dsc

Changes since the last upload:

 mediawiki (1:1.15.5-2squeeze4.1) squeeze-security; urgency=low

   * Non-maintainer upload.
   * Backported security fixes from upstream (Closes: #694998):
     + CVE-2012-5391, CVE-2012-5395
       Prevent session fixation in Special:UserLogin
     + Prevent linker regex from exceeding backtrack limit

I intentionally did not touch any lintian warning that were not introduced 
by these changes to make the changes to squeeze minimal and only 
security-related.

  Regards,
   Dominik George

- -- 
* mirabilos is handling my post-1990 smartphone *
<mirabilos> Aaah, it vibrates! Wherefor art thou, daemonic device??

PGP fingerprint: 2086 9A4B E67D 1DCD FFF6  F6C1 59FC 8E1D 6F2A 8001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQFOBAEBCAA4BQJQzEBDMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MACgkQWfyOHW8qgAExrgf/V+WTlbGkAwFyUlbvwH5T
YWi+Fgjv824ZtHiefKQTQXxur0+8cWkOG96LPUu2PqByJ1j3LykzWU70yV+KbMZz
nTvB/pvPQGjpRZtJyi+d6QsujGpph+Ew06t39/eUcInGiuPGfimhyONIcZEwyRPr
i2X2pc1s7ozhZGWSz3KKyOil4qUcOCbFK8HnALqlUpXUeLVXVAK5rfvSOf4SFN0E
18xmw6nNls020HWDIefSNrSMLILjvykxVfDGt+hTnFWq97S9d9pz5CB/ij1bujdZ
YGsFgiJZ3lI4jbSRahnZAcx1aL8cL/SCB+8gpg8/0e1WWcKYe1vXusTmJLnigvNc
aA==
=SFAS
-----END PGP SIGNATURE-----

More information about the Pkg-mediawiki-devel mailing list