On Sat, 2012-12-29 at 19:33 +0000, Steve McIntyre wrote:
> There's been a set of security updates in moin in the last couple of
> weeks, with 2 very important ones today. I've already coordinated with
> the security team for fixes in Squeeze (1.9.3-1+squeeze4) and I've
> uploaded into sid (1.9.5-4). In Wheezy, we're currently on
> 1.9.4-8. What would you say to a TPU upload with the attached debdiff?

+moin (1.9.4-8+deb7u1) testing-proposed-updates; urgency=high + + * Stack of security fixes from upstream: + + make taintfilename more secure + + escape user- or admin-defined css url + + use a constant time str comparison function to prevent timing + attacks + + fix remote code execution vulnerability in twikidraw/anywikidraw + actions (CVE-2012-XXXX). + + fix path traversal vulnerability in AttachFile action + (CVE-2012-XXXX).

Looks okay to me; thanks.

(fwiw, even for tpu unblock bugs are generally easier to track and less
likely to get lost in the list.)

Regards,

Adam
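
Review bot: both CVE references in the changelog entry, on the twikidraw/anywikidraw remote code execution fix and on the AttachFile path traversal fix, are still the placeholder CVE-2012-XXXX, so the two issues cannot be told apart or matched to tracker entries from this text. Fill in the assigned ids before the upload, or, if none are assigned yet, name the upstream changeset for each fix instead. The first three items (taintfilename, css url escaping, constant time str comparison) carry no identifier or bug reference at all; an upstream reference per item would make the stack of fixes auditable against the debdiff.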

