Changelog
mediawiki (1:1.13.3-1) unstable; urgency=low
* New upstream release.
* Fix CVE-2008-5249: XSS vulnerability in MediaWiki:
"An XSS vulnerability affecting all MediaWiki installations between
1.13.0 and 1.13.2."
Closes: #508868
* Fix CVE-2008-5250: several local script injection vulnerabilities
in MediaWiki:
"o A local script injection vulnerability affecting Internet Explorer
clients for all MediaWiki installations with uploads enabled.
o A local script injection vulnerability affecting clients with SVG
scripting capability (such as Firefox 1.5+), for all MediaWiki
installations with SVG uploads enabled."
Closes: #508869
* Fix CVE-2008-5252: CSRF vulnerability affecting the Special:Import
feature in MediaWiki:
"A CSRF vulnerability affecting the Special:Import feature, for all
MediaWiki installations since the feature was introduced in 1.3.0."
Closes: #508870
-- Romain Beauxis <email address hidden> Thu, 18 Dec 2008 02:37:58 +0100