author | smcv <smcv@web> | 2015-04-14 13:33:32 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2015-04-14 13:33:32 -0400 |
commit | 8ad932efd511376c3a9889b40a8fb16e2ba5e9a3 (patch) | |
tree | da38cd71937989660128d46b3ed0196d6f196c06 /doc/bugs/XSS_Alert...__33____33____33__.mdwn | |
parent | fde1b02ba8528a8951bde8c8f7069e67e8851284 (diff) | |
download | ikiwiki-8ad932efd511376c3a9889b40a8fb16e2ba5e9a3.tar ikiwiki-8ad932efd511376c3a9889b40a8fb16e2ba5e9a3.tar.gz |
yes Debian wheezy is vulnerable, a proposed-update is queued
Diffstat (limited to 'doc/bugs/XSS_Alert...__33____33____33__.mdwn')
-rw-r--r-- | doc/bugs/XSS_Alert...__33____33____33__.mdwn | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.mdwn b/doc/bugs/XSS_Alert...__33____33____33__.mdwn index c44ab0971..cb9618777 100644 --- a/doc/bugs/XSS_Alert...__33____33____33__.mdwn +++ b/doc/bugs/XSS_Alert...__33____33____33__.mdwn @@ -41,3 +41,13 @@ raghav007bisht@gmail.com > Are versions `3.20120629` or `3.20130904.1~bpo70+1` vulnerable? (`wheezy` and > `wheezy-backports`, respectively) — [[Jon]] + +>> 3.20120629 is vulnerable; fixed in 3.20120629.2, which is in the proposed-updates +>> queue (the security team declined to issue a DSA). The blogspam plugin doesn't +>> work in wheezy either; again, a fix is in the proposed-updates queue. +>> +>> 3.20130904.1~bpo70+1 is almost certainly vulnerable, it looks as though someone +>> has done a drive-by backport but not kept it updated. None of ikiwiki's Debian +>> maintainers are involved in that backport; the .deb from jessie (or even from +>> experimental) works fine on wheezy without recompilation. I use the latest +>> upstream release from experimental on my otherwise-Debian-7 server. --[[smcv]] |
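Review bot: In the second added paragraph, "3.20130904.1~bpo70+1 is almost certainly vulnerable" gives wheezy-backports users nothing to verify against. Consider naming the first fixed upstream version, the way the first paragraph names 3.20120629.2 for wheezy, so that someone installing the .deb from jessie or experimental can confirm that what they have includes the fix. Two smaller points: the same sentence is a comma splice ("vulnerable, it looks as though"), which reads better split in two, and the signature uses "--[[smcv]]" where the reply just above uses "— [[Jon]]".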