Bug#695986: RFS: mediawiki/1:1.15.5-2squeeze4.1 [NMU] [RC]

2012-12-16 Thread Sebastian Ramacher
Hi,

On 2012-12-15 17:41:45, Dominik George wrote:
> > Did you coordinate this upload with the Security Team? Did the team
> > authorize the upload? (See devref §5.8.5 [1] for details)
> 
> I CC'ed debian-security on this bugreport. I am not familiar with uploads
> to squeeze-security and was hoping for support from the pkg-mediawiki 
> team. Finally, I figured that an RFS with Cc to debian-security was better 
> than doing nothing for getting the issues fixed.

Okay, but please coordinate the upload with the Security Team first. If
you get the ACK and none of the team members has already sponsored your
upload, I'm happy to help.

Regards
-- 
Sebastian Ramacher





2012-12-15 Thread Dominik George
Hi,

> Did you coordinate this upload with the Security Team? Did the team
> authorize the upload? (See devref §5.8.5 [1] for details)

I CC'ed debian-security on this bugreport. I am not familiar with uploads
to squeeze-security and was hoping for support from the pkg-mediawiki 
team. Finally, I figured that an RFS with Cc to debian-security was better 
than doing nothing for getting the issues fixed.

-nik

-- 
* mirabilos is handling my post-1990 smartphone *
 Aaah, it vibrates! Wherefor art thou, daemonic device??

PGP fingerprint: 2086 9A4B E67D 1DCD FFF6  F6C1 59FC 8E1D 6F2A 8001




2012-12-15 Thread Sebastian Ramacher
Control: tags -1 + moreinfo

Hi Dominik,

thanks for working on this security issue.

On 2012-12-15 10:18:04, Dominik George wrote:
>  mediawiki (1:1.15.5-2squeeze4.1) squeeze-security; urgency=low
> 
>    * Non-maintainer upload.
>    * Backported security fixes from upstream (Closes: #694998):
>      + CVE-2012-5391, CVE-2012-5395
>        Prevent session fixation in Special:UserLogin
>      + Prevent linker regex from exceeding backtrack limit

Did you coordinate this upload with the Security Team? Did the team
authorize the upload? (See devref §5.8.5 [1] for details)

Regards

[1] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
-- 
Sebastian Ramacher





2012-12-15 Thread Dominik George
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my version 1:1.15.5-2squeeze4.1 of package 
"mediawiki". It is an upload for squeeze-security to fix the security 
issues in bug #694998. I have prepared a new upstream version for unstable
which will migrate to testing shortly and I also backported the fixes to 
the version in squeeze. I have tested them in a clean squeeze chroot and 
they work fine.

Unfortunately, no-one in the pkg-mediawiki team actually seems to care for 
squeeze as, while my mails concerning unstable were answered, I
still haven't received any comment whatsoever on the squeeze-security update
for several days.

Package name: mediawiki
Version : 1:1.15.5-2squeeze4.1
Section : web

It builds those binary packages:

 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki

To access further information about this package, please visit the 
following URL:

  http://mentors.debian.net/package/mediawiki

Alternatively, one can download the package with dget using this 
command:

  dget -x http://mentors.debian.net/debian/pool/main/m/mediawiki/mediawiki_1.15.5-2squeeze4.1.dsc

Changes since the last upload:

 mediawiki (1:1.15.5-2squeeze4.1) squeeze-security; urgency=low

   * Non-maintainer upload.
   * Backported security fixes from upstream (Closes: #694998):
     + CVE-2012-5391, CVE-2012-5395
       Prevent session fixation in Special:UserLogin
     + Prevent linker regex from exceeding backtrack limit

I intentionally did not touch any lintian warnings that were not introduced
by these changes to make the changes to squeeze minimal and only 
security-related.

  Regards,
   Dominik George

-- 
* mirabilos is handling my post-1990 smartphone *
 Aaah, it vibrates! Wherefor art thou, daemonic device??

PGP fingerprint: 2086 9A4B E67D 1DCD FFF6  F6C1 59FC 8E1D 6F2A 8001