On Mon, Dec 05, 2011 at 10:22:11PM +0000, Jonathan Wiltshire wrote: > On Tue, Nov 29, 2011 at 07:38:46PM +0100, Luciano Bello wrote: > > In the 1.17.1 release announce, two grave vulnerabilities have been > > fixed: > > http://lists.wikimedia.org/pipermail/mediawiki-announce/2011- > > November/000104.html > > Patches are included in the wikimedia bugzilla: > > https://bugzilla.wikimedia.org/show_bug.cgi?id=32276 > > https://bugzilla.wikimedia.org/show_bug.cgi?id=32616 > > Please, consider backport those patches to stable and oldstable since > > they look affected. Coordinate with the security team a DSA release. > > Please find patches attached. The upload is unstable has migrated and these > backports have had limited testing from me, as I only have a small wiki to > play with. > > If you approve please allocate a DSA number and I will write up the text.
What's the status of the following for stable? http://security-tracker.debian.org/tracker/CVE-2011-1578 http://security-tracker.debian.org/tracker/CVE-2011-1579 http://security-tracker.debian.org/tracker/CVE-2011-1580 Otherwise, please upload. You can allocate the DSA ID yourself by running bin/gen-DSA as outlined here and commit the new blob in data/DSA/list: http://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecSecr I'll take care of sending out the DSA. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org