Debian
mediawiki package

Branches for Sid

Name Status Last Modified Last Commit
lp:debian/mediawiki bug 1 Development 2015-04-06 16:53:54 UTC
64. * Non-maintainer upload. * Add patch ...

Author: Thijs Kinkhorst
Revision Date: 2015-04-06 16:53:54 UTC

* Non-maintainer upload.
* Add patch fixing several security issues:
  - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
     contain XML entities, to prevent various DoS attacks.
  - (bug T88310) SECURITY: Always expand xml entities when checking
    SVG's.
  - (bug T73394) SECURITY: Escape > in Html::expandAttributes to
    prevent XSS.
  - (bug T85855) SECURITY: Don't execute another user's CSS or JS
    on preview.
  - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
    fixed in SVG filtering to prevent XSS and protect viewer's
    privacy.
11 of 1 result FirstPreviousNextLast