[Pkg-mediawiki-devel] Bug#677895: Bug#677895: CVE-2012-2698: unescaped lang and dir
Jonathan Wiltshire
jmw at debian.org
Sun Jun 17 18:29:17 UTC 2012
On 2012-06-17 18:25, Platonides wrote:
> On 17/06/12 17:01, Luk Claes wrote:
>> Package: mediawiki
>> Severity: important
>> Tags: security
>>
>> Hi,
>> the following CVE (Common Vulnerabilities & Exposures) id was
>> published for mediawiki.
>>
>> CVE-2012-2698
>>
>> If you fix the vulnerability please also make sure to include the
>> CVE id in your changelog entry.
>
> No need to patch it. Debian got lucky here by using a 3 years old
> branch. The language code output in the skin was introduced in r49331
> and 1.15 had been branched two weeks before on r49331.
Thanks, tracker updated.
> The only thing to do is to replace at experimental 1.19.0 with 1.19.1
> Jonathan, you said you had prepared 1.19.1, can you push it?
I don't think it is worth it at this stage for experimental only.
Production use of experimental is highly discouraged and at the user's
risk; besides, I want 1.19.1 in sid much more than I want to do two
rounds of testing and uploading.
--
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
More information about the Pkg-mediawiki-devel
mailing list