-
mediawiki (1:1.19.8+dfsg-1) unstable; urgency=low
* mediawiki-math is now called mediawiki-extensions-math
⇒ update the package relationship fields
* Make my self-drawn CC images nicer and more consistent
* New upstream security release
* Secure the default images directory (Closes: #716884)
* Allow PDF upload (Closes: #716957)
* Nuke ref to ENOENT dir (Closes: #705107)
* Update debian/copyright information
* Pull upstream patch to fix variables (Closes: #709943)
* Sort patches ASCIIbetically; refresh them against new version
* For Apache 2.4, move configuration file (Closes: #669832)
-- Thorsten Glaser <email address hidden> Thu, 05 Sep 2013 17:07:53 +0200
-
mediawiki (1:1.19.7+dfsg-1) unstable; urgency=low
* New low-impact upstream security release
* Refresh patches
* Change watch file to track upstream LTS version
* Replace trademarked image files by self-drawn Free ones
* Fix VCS-* URLs – prodded by lintian from experimental
* Policy 3.9.4 with no further changes needed
-- Thorsten Glaser <email address hidden> Thu, 23 May 2013 11:03:39 +0000
-
mediawiki (1:1.19.6-1) unstable; urgency=low
* New upstream security release (Closes: #706601):
- SVG script filtering could be bypassed for Chrome and Firefox
clients by using an encoding that MediaWiki understood, but these
browsers interpreted as UTF-8. (CVE-2013-2031)
- Internal review discovered that extensions were not given the
opportunity to disable a password reset, which could lead to
circumvention of two-factor authentication (CVE-2013-2032)
-- Jonathan Wiltshire <email address hidden> Sat, 11 May 2013 16:07:43 +0100
-
mediawiki (1:1.19.5-1) unstable; urgency=high
[ Platonides ]
* Update config URL in README.Debian (Closes: #703804)
[ Thorsten Glaser ]
* Re-add LocalSettings creation snippet for support of the
mediawiki-extensions Debian packaging (Closes: #703852)
* New upstream security-only release:
- (bug 47251) SECURITY: Disable external entities in Import
- (bug 46859) SECURITY: Disable external entities in XMLReader
- (bug 46084) SECURITY: Sanitize $limitReport before outputting
- (bug 43594) Fix notices displayed on PHP 5.4
- (bug 40585) Don't drop 'step="any"' in HTML input fields.
* Refresh patches against new upstream code
-- Thorsten Glaser <email address hidden> Tue, 16 Apr 2013 11:04:05 +0200