On Tue, Sep 12, 2017 at 09:30:19PM +0200, Salvatore Bonaccorso wrote: > Hi Dominic, > > On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote: > > On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote: > > > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to > > > add_query_arg > > > > > > Hi Dominic, Craig, Michael, > > > > > > FTR, I requested a CVE for this issue and it got assigned > > > CVE-2017-14313. > > > > Thanks. I assume you would like a security upload? Here is the minimal > > fix which should apply to stretch and jessie. > > > > I am waiting for some real world testing from a colleague. > > > > Let me know if I'm okay to upload. > > Once you have got feedback from real world testing, can you finalize > the changelogs and then please upload. Since both jessie-security and > stretch-security share the same orig tarball, please do build the > first one with -sa, upload, wait for the ACCEPTED mail after some > minutes to you, then upload the second without -sa. > > Thanks already. If you have a proposed DSA text, that would be > welcome.
Now uploaded. You can use the same text as Chris Lamb wrote in the LTS update. Thanks, Dominic.
