Hello!
The Linux distributions Debian and [K]ubuntu both ship a very old
2.5.139 version. Debian has listed a grave bug against the package,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470477
because 3 security bugs have been found in JSPWiki:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1230
All 3 reference the same original report, which contains the description:
http://marc.info/?l=bugtraq&m=120300554011544&w=2
I'd like to ask you, if you're aware of these bugs and if they were
properly addressed in 2.6.3, since the Changelog doesn't contain any
references to these CVEs?
BYtE
Philipp
PS: please cc:[EMAIL PROTECTED] on replies.
--
Philipp Matthias Hahn <[EMAIL PROTECTED]>
GPG/PGP: 9A540E39 @ keyrings.debian.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
