-
mediawiki (1:1.15.5-3) unstable; urgency=high
[ Thorsten Glaser ]
* debian/patches/fix_datetime.patch: new, convert argument into
the format expected by other methods, fixes date/time output
in e.g. the News/RSS extensions
[ Jonathan Wiltshire ]
* CVE-2011-0047: Protect against a CSS injection vulnerability
(closes: #611787)
* Update my email address
-- Micah Gersten <email address hidden> Tue, 08 Feb 2011 18:40:58 +0000
-
mediawiki (1:1.15.5-2) testing-security; urgency=high
* CVE-2011-0003: Protect against clickjacking by sending the
X-Frame-Options header in all pages (except normal page views
and a few selected special pages). Patch as released by upstream
-- Jonathan Wiltshire <email address hidden> Mon, 10 Jan 2011 16:48:16 +0000
-
mediawiki (1:1.15.5-1) unstable; urgency=high
[ Thorsten Glaser ]
* debian/patches/suppress_warnings.patch: new, suppress warnings
about session_start() being called twice also in the PHP error
log, not just MediaWiki’s, for example run from FusionForge
[ Jonathan Wiltshire ]
* New upstream security release:
- correctly set caching headers to prevent private data leakage
(closes: #590660, LP: #610782)
- fix XSS vulnerability in profileinfo.php
(closes: #590669, LP: #610819)
-- Jonathan Wiltshire <email address hidden> Wed, 28 Jul 2010 12:23:04 +0100