On Sun, 2010-12-19 at 14:46 +0100, Moritz Muehlenhoff wrote:
> On 2010-12-18, Adam D. Barratt <[email protected]> wrote:
> > The security tracker seems to be somewhat confused here, fwiw -
> > http://security-tracker.debian.org/tracker/CVE-2010-164{7,8} both claim
> > that the issue was fixed in -2lenny5.
>
> They are both marked as no-dsa:
>
> CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
>         - mediawiki 1.15.4-1 (bug #585918; low)
>         [lenny] - mediawiki <no-dsa> (Minor issue)
>         NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
> CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
>         - mediawiki 1.15.4-1 (bug #585918; low)
>         [lenny] - mediawiki <no-dsa> (Minor issue)
>         NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html

Yeah, I spotted that when looking at the tracker while checking the request over. It just seemed odd that they were already marked as fixed in -2lenny5 when that upload clearly didn't include the fixes.

Regards,

Adam

