lp:debian/mediawiki
- Get this branch:
- bzr branch lp:debian/mediawiki
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 64. By Thijs Kinkhorst
-
* Non-maintainer upload.
* Add patch fixing several security issues:
- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
contain XML entities, to prevent various DoS attacks.
- (bug T88310) SECURITY: Always expand xml entities when checking
SVG's.
- (bug T73394) SECURITY: Escape > in Html::expandAttributes to
prevent XSS.
- (bug T85855) SECURITY: Don't execute another user's CSS or JS
on preview.
- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
fixed in SVG filtering to prevent XSS and protect viewer's
privacy.
- 63. By Sebastien Delafond
-
* Non-maintainer upload.
* Add patch fixing T76686: thumb.php outputs wikitext message as raw
HTML, which could lead to xss. Permission to edit MediaWiki namespace
is required to exploit this.
- 62. By Sebastien Delafond
-
* Non-maintainer upload.
* CVE-2014-9277: The <cross-domain-policy> mangling in OutputHandler.php
poses a potentially severe security problem for API clients written in
PHP, in that format=php is affected (Closes: #772764).
- 60. By Thorsten Glaser
-
* Make debian/rules get-orig-source-tg call uscan automatically
* New upstream security release:
- (bug 70672) SECURITY: OutputPage: Remove separation of css
and js module allowance.
- 59. By Thorsten Glaser
-
[ Mert Dirik ]
* Update Turkish Debconf translation (Closes: #759878)
[ Thorsten Glaser ]
* Remove Romain Beauxis’ bouncing eMail address
* Acknowledge NMU (1:1.19.18+dfsg-0.1) – thanks!
* New upstream security and maintenance release:
- (bug 69008) SECURITY: Enhance CSS filtering in SVG files.
Filter <style> elements; normalize style elements and
attributes before filtering; add checks for attributes that
contain css; add unit tests for html5sec and reported bugs.
* Bump Policy (no change required)
* Update lintian overrides
- 58. By Salvatore Bonaccorso
-
* Non-maintainer upload with maintainer's approval.
* Imported Upstream version 1.19.18+dfsg
(Closes: #758510)
- CVE-2014-5241 (bug 68187) SECURITY: Prepend jsonp callback with comment.
- CVE-2014-5243 (bug 65778) SECURITY: Copy prevent-clickjacking between
OutputPage and ParserOutput.
- 57. By Thorsten Glaser
-
* New upstream security and maintenance release:
- (bug 65839) SECURITY: Prevent external resources in SVG files.
- (bug 66428) MimeMagic: Don't seek before BOF. This has weird
side effects like only extracting the tail of the file partially
or not at all.
* Update lintian overrides
- 56. By Thorsten Glaser
-
* New upstream security and maintenance release:
- CVE-2014-3966 (bug 65501) SECURITY: Don't parse usernames as
wikitext on Special:PasswordReset.
* Update debian/upstream/signing-key.asc
- 55. By Thorsten Glaser
-
* Depend on recent enough php5-common version to be able to use
php5{en,dis}mod in maintainer scripts (Closes: #743893)
* Urgency high because this rides on the previous security fix
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/mediawiki