Come on. Letting this expire is kinda harsh.
Either retract the package or update it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1370227
Title:
Mediawiki package vulnerable to CVE-2014-2665
To
[Expired for mediawiki (Ubuntu) because there has been no activity for
60 days.]
** Changed in: mediawiki (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/13
Sorry, me misreading the mediawiki bug tracker. This is not CVE-2014-2665 , but
the fix for that cve broke the password recovery function is intended to
protect:
http://www.mediawiki.org/wiki/Thread:Project:Support_desk/Session_Hijacking_error_after_Update_1.19.14
But still, the mediawiki packa
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl
Our CVE tracker database shows that only 12.04 LTS is affected by this:
http://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2014-2665
Is our database incorrect?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bug
