lp:ubuntu/maverick/mediawiki

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/maverick/mediawiki
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

28. By Jonathan Wiltshire

[ Thorsten Glaser ]
* debian/patches/suppress_warnings.patch: new, suppress warnings
  about session_start() being called twice also in the PHP error
  log, not just MediaWiki’s, for example run from FusionForge

[ Jonathan Wiltshire ]
* New upstream security release:
  - correctly set caching headers to prevent private data leakage
    (closes: #590660, LP: #610782)
  - fix XSS vulnerability in profileinfo.php
    (closes: #590669, LP: #610819)

27. By Jonathan Wiltshire

[ Thorsten Glaser ]
* debian/control: add Vcs-SVN and Vcs-Browser

[ Jonathan Wiltshire ]
* debian/source/format: Switch to source format 3.0 (quilt)
* debian/rules: Drop CDBS quilt logic
* debian_specific_config.patch: Don't just redefine MW_INSTALL_PATH,
  remove the original definition (LP: #406358)
* debian/README.source: document use of quilt and format 3.0 (quilt)
* New patch backup_documentation.patch improves documentation of
  maintenance/dumpBackup.php (closes: #572355)
* Standards version 3.9.0 (no changes)

26. By Romain Beauxis

[ Jonathan Wiltshire ]
* New upstream security release (closes: #585918).
* CVE-2010-1647:
  Fix a cross-site scripting (XSS) vulnerability which allows
  remote attackers to inject arbitrary web script or HTML via crafted
  Cascading Style Sheets (CSS) strings that are processed as script by
  Internet Explorer.
* CVE-2010-1648:
  Fix a cross-site request forgery (CSRF) vulnerability in the login interface
  which allows remote attackers to hijack the authentication of users for
  requests that (1) create accounts or (2) reset passwords, related to the
  Special:Userlogin form.

[ Romain Beauxis ]
* Put Debian's package version in declared version.
  Should help sysadmins to keep track of installed
  versions, in particular with regard to security
  updates.
* Added Jonathan Wiltshire to uploaders.
* Do not clean math dir if it does not exist (for instance
  when running clean from SVN).

25. By Andreas Wenning

* SECURITY UPDATE: A CSRF vulnerability was discovered in our login
  interface. Although regular logins are protected as of 1.15.3, it was
  discovered that the account creation and password reset features were not
  protected from CSRF. This could lead to unauthorised access to private
  wikis. (LP: #586773)
  - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
  - patch from upstream SVN rev. 66991
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
* SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
  allows attackers to construct CSS strings which are treated as safe by
  previous versions of MediaWiki, but are decoded to unsafe strings by
  Internet Explorer. (LP: #586773)
  - debian/patches/XSS-IE-no-CVE_rev-66992.patch
  - patch from upstream SVN rev. 66992
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

24. By Andreas Wenning

* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
  attacker who controls a user account on the target wiki can force the
  victim to log in as the attacker, via a script on an external website.
  IMPORTANT: Fix includes a breaking change to the API login action. Any
  clients using it will need to be updated. (LP: #557159)
  - debian/patches/CSRF-no-CVE_rev-64680.patch
  - patch from upstream SVN rev. 64680
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

23. By Andreas Wenning

* SECURITY UPDATE: CSS validation issue allowing external images to be included
  into wikis where that is disallowed by conf. (LP: #537974)
  - debian/patches/CSS-no-CVE_rev-63429.patch
  - patch from upstream SVN rev. 63429
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
* SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
  which restrict access to private files using e.g. img_auth.php.
  - debian/patches/DataLeakage-no-CVE_rev-63436.patch
  - patch from upstream SVN rev. 63436
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html

22. By Romain Beauxis

* New upstream release.
* Ack previous NMU, thanks to Nico Golde for taking care
  of this.

21. By Nico Golde

* Non-maintainer upload by the Security Team.
* Fix cross-site scripting in [[Special:Block]]
  (No CVE id yet; XSS-no-CVE.patch; Closes: #537634).

20. By Romain Beauxis

* New upstream release.
* Upstream added support for OASIS documents.
  Closes: #530328
* Refreshed quilt patches
* Bumped standards versions to 3.8.2
* Bumped compat to 7
* Pointed to GPL-2 in debian/copyright
* Added php5-sqlite to possible DB backend dependencies.
  Closes: #501569
* Proofread README.Debian, upgrade is documented there.
  Closes: #520121

19. By Andreas Wenning

* Merge from debian unstable, remaining changes:
  - Add debian/patches/add-OOo-Mimetypes.diff

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/mediawiki
This branch contains Public information 
Everyone can see this information.