[Secure-testing-team] TWiki 4.1.2-2 fix for CVE-2007-5193

Holger Levsen holger at layer-acht.org
Thu Oct 18 14:59:26 UTC 2007


Hi Sven,

Amaya forwarded your mail to me, so that I can sponsor the upload as she is 
too busy currently...

On Sunday 14 October 2007 14:08, Sven wrote:
> is there any chance you could upload twiki_4.1.2-2_all.deb from
> http://distributedinformation.com/TWikiDebian/
> It's for fixing http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

I just looked at the debdiff between the version in testing+unstable (4.1.2-1) 
and http://distributedinformation.com/TWikiDebian/twiki_4.1.2-2.dsc
and decided not to upload it, because I cannot easily say if all the changes 
are needed to fix the security issue (#444982 / CVE-2007-5193)

I noticed that you edited the changelog for 4.1.2-1 in the 4.1.2-2 package 
_and_ did some related changes to it (adding suggests) and did at least one 
(small) change which is not in changelog: change maintainer address.

This, _combined_ with my lack of knowledge of the package and therefore 
inability to understand the changes without some effort, led me to the 
decision to not sponsor the upload. Sorry.

But I've forwarded this issue to the testing-security team so they can upload 
it. I _do_ think if someone with more experience in webapps 
_debian-packages_ looks at the patch, which is short, the package can 
probably be uploaded like it is, as a non-perfect changelog is cosmetic and can 
be fixed in the next upload, while a security upload should be done rather 
asap. OTOH, feel free to prepare -3 with a better changelog ;-)


regards,
	Holger