Hi Dominic, On Tue, Sep 12, 2017 at 04:34:14PM +0100, Dominic Hargreaves wrote: > On Tue, Sep 12, 2017 at 06:33:02AM +0200, Salvatore Bonaccorso wrote: > > Control: retitle -1 wordpress-shibboleth: CVE-2017-14313: XSS due to > > add_query_arg > > > > Hi Dominic, Craig, Michael, > > > > FTR, I requested a CVE for this issue and it got assigned > > CVE-2017-14313. > > Thanks. I assume you would like a security upload? Here is the minimal > fix which should apply to stretch and jessie. > > I am waiting for some real world testing from a colleague. > > Let me know if I'm okay to upload.
Once you have got feedback from real world testing, can you finalize the changelogs and then please upload. Since both jessie-security and stretch-security share the same orig tarball, please do build the first one with -sa, upload, wait for the ACCEPTED mail after some minutes to you, then upload the second without -sa. Thanks already. If you have a proposed DSA text, that would be welcome. Regards, Salvatore
signature.asc
Description: PGP signature