I've been unable to verify that but the changelog for 4.1.6 states: Changes in v 4.1.6 include: [...] * Security fixes Haven't seen a CVE-ID or similar for this. Anyway, I've bumped the package and hand this to you guys. Do we continue with the 30-days in the tree until stable route or shall we fast-track this one - given that between 4.1.6 and latest stable there *are* security releases?
*** Bug 435028 has been marked as a duplicate of this bug. ***
Thanks for the report, Matti. I doubt this affects the current stable version, but since there is no documentation we can err on the side of caution. No, we do not have to wait 30 days for security bugs. Arches, please test and mark stable =www-apps/b2evolution-4.1.6
amd64 stable
x86 stable
ppc stable
alpha keywords dropped
Thanks, everyone. Closing noglsa for XSS issue.