[Pkg-mediawiki-devel] Bug#677895: CVE-2012-2698: unescaped lang and dir

Platonides platonides at gmail.com
Sun Jun 17 21:08:27 UTC 2012


On 17/06/12 20:29, Jonathan Wiltshire wrote:
>> The only thing to do is to replace 1.19.0 in experimental with 1.19.1
>> Jonathan, you said you had prepared 1.19.1, can you push it?
> 
> I don't think it is worth it at this stage for experimental only.
> Production use of experimental is highly discouraged and at the user's
> risk; besides, I want 1.19.1 in sid much more than I want to do two
> rounds of testing and uploading.

Fine then. That was the only package that seemed affected by that bug.
What about that update.php? What was the problem with running it on
package upgrade?
It's obviously not my decision, but I'd love to see an update of
the mediawiki package really running the updater instead of leaving the wiki
in an inconsistent status needing manual intervention.
And I suspect it'd have to be added before the freeze.


