Re: [Sysadmins] [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities

Joshua Hutchins <[EMAIL PROTECTED]> writes: > Does this problem affect the version in testing/unstable > (1.6.dfsg.3~beta1-3)? The original advisory from MIT mentions version > 1.6.3 and earlier are vulnerable, so I assume that the versions in > lenny/sid are? Yes. 1.6.dfsg.3~beta1-4 was upload

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

* Ronny Adsetts: > My understanding is that the security team don't generally provide > updates for unstable. The DSA simply notes the unstable version in > which the security hole was fixed. Exactly, I looked at our records (and the ikiwiki homepage), and listed the version that was reported the

Re: [Sysadmins] [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities

Does this problem affect the version in testing/unstable (1.6.dfsg.3~beta1-3)? The original advisory from MIT mentions version 1.6.3 and earlier are vulnerable, so I assume that the versions in lenny/sid are? Thanks, Joshua Hutchins Noah Meyerhans wrote: > -

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Hi, On Tue, Mar 18, 2008 at 03:03:00PM +, Ronny Adsetts wrote: > >The question is, why the security team releases 2.31.1 as security > >update while 2.40 is the current version and not only since a few > >days. > > My understanding is that the security team don't generally provide updates >

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Hi, On Tue, Mar 18, 2008 at 10:00:18AM +, Ronny Adsetts wrote: > >>For the unstable distribution (sid), this problem has been fixed in > >>version 2.31.1. > > > >Ehm, that's strange somehow since unstable, testing and even > >etch-backports already have ikwiki 2.40: > > > >http://packages.debi

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Axel Beckert said at 18/03/2008 14:56: On Tue, Mar 18, 2008 at 10:00:18AM +, Ronny Adsetts wrote: For the unstable distribution (sid), this problem has been fixed in version 2.31.1. Ehm, that's strange somehow since unstable, testing and even etch-backports already have ikwiki 2.40: http:/

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Axel Beckert wrote: > Hi, > > On Mon, Mar 17, 2008 at 09:51:09PM +0100, Florian Weimer wrote: >> For the unstable distribution (sid), this problem has been fixed in >> version 2.31.1. > > Ehm, that's strange somehow since unstable, testing and even >

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Axel Beckert said at 18/03/2008 09:12: On Mon, Mar 17, 2008 at 09:51:09PM +0100, Florian Weimer wrote: For the unstable distribution (sid), this problem has been fixed in version 2.31.1. Ehm, that's strange somehow since unstable, testing and even etch-backports already have ikwiki 2.40: htt

Re: [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Hi, On Mon, Mar 17, 2008 at 09:51:09PM +0100, Florian Weimer wrote: > For the unstable distribution (sid), this problem has been fixed in > version 2.31.1. Ehm, that's strange somehow since unstable, testing and even etch-backports already have ikwiki 2.40: http://packages.debian.org/ikiwiki