Hello! The Linux distributions Debian and [K]ubuntu both ship a very old 2.5.139 version. Debian has listed a grave bug against the package, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470477 because 3 security bugs have been found in JSPWiki: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1229 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1230 All 3 reference the same original report, which contains the description: http://marc.info/?l=bugtraq&m=120300554011544&w=2
I'd like to ask you, if you're aware of these bugs and if they were properly addressed in 2.6.3, since the Changelog doesn't contain any references to these CVEs? BYtE Philipp PS: please cc:[EMAIL PROTECTED] on replies. -- Philipp Matthias Hahn <[EMAIL PROTECTED]> GPG/PGP: 9A540E39 @ keyrings.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]