[Pkg-mediawiki-devel] Bug#677895: Bug#677895: CVE-2012-2698: unescaped lang and dir

Jonathan Wiltshire jmw at debian.org
Sun Jun 17 18:29:17 UTC 2012

On 2012-06-17 18:25, Platonides wrote:
> On 17/06/12 17:01, Luk Claes wrote:
>> Package: mediawiki
>> Severity: important
>> Tags: security
>> Hi,
>> the following CVE (Common Vulnerabilities & Exposures) id was
>> published for mediawiki.
>> CVE-2012-2698
>> If you fix the vulnerability please also make sure to include the
>> CVE id in your changelog entry.
> No need to patch it. Debian got lucky here by using a 3-year-old
> branch. The language code output in the skin was introduced in r49331
> and 1.15 had been branched two weeks before on r49331.

Thanks, tracker updated.

> The only thing to do is to replace 1.19.0 in experimental with 1.19.1.
> Jonathan, you said you had prepared 1.19.1, can you push it?

I don't think it is worth it at this stage for experimental only. 
Production use of experimental is highly discouraged and at the user's 
risk; besides, I want 1.19.1 in sid much more than I want to do two 
rounds of testing and uploading.

Jonathan Wiltshire                                      jmw at debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
