[Secure-testing-team] Security issue with twiki in testing, however not reported in "Vulnerable source packages in the testing suite" (reg. #485562)

[Olivier Berger]

Hi.

You may notice that there's a current bug registered on the twiki
package which is related to security
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485562)

I tried my best to explain to the maintainer why there's a security
issue, but it seems that either we misunderstood eachother, or I'm
completely wrong, (or I managed to piss him off enough that he won't
care for the package ?) but in any case the maintainer didn't either
acknowledge nor change the bug's tags, nor react for quite some time
now.

Note that the problem is not related to twiki itself but to the way the
package is made (its apache configuration installed by default,
actually), so Debian specific AFAICT.

I think that this problem deserves some attention, and should be listed
in testing's security issues. However, I couldn't find any mention of
twiki in
http://security-tracker.debian.net/tracker/status/release/testing :(

I hope this message will draw more attention on that issue, and will
lead to proper fixing actions.

Best regards,
-- 
Olivier BERGER <olivier.berger at it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)