Ubuntu
mediawiki package

Change logs for mediawiki source package in Saucy

  1. Saucy (13.10)
  2. Change log 
  • mediawiki (1:1.19.8+dfsg-1) unstable; urgency=low


  * mediawiki-math is now called mediawiki-extensions-math
    ⇒ update the package relationship fields
  * Make my self-drawn CC images nicer and more consistent
  * New upstream security release
  * Secure the default images directory (Closes: #716884)
  * Allow PDF upload (Closes: #716957)
  * Nuke ref to ENOENT dir (Closes: #705107)
  * Update debian/copyright information
  * Pull upstream patch to fix variables (Closes: #709943)
  * Sort patches ASCIIbetically; refresh them against new version
  * For Apache 2.4, move configuration file (Closes: #669832)

 -- Thorsten Glaser <email address hidden>  Thu, 05 Sep 2013 17:07:53 +0200
  • mediawiki (1:1.19.7+dfsg-1) unstable; urgency=low


  * New low-impact upstream security release
  * Refresh patches
  * Change watch file to track upstream LTS version
  * Replace trademarked image files by self-drawn Free ones
  * Fix VCS-* URLs – prodded by lintian from experimental
  * Policy 3.9.4 with no further changes needed

 -- Thorsten Glaser <email address hidden>  Thu, 23 May 2013 11:03:39 +0000
  • mediawiki (1:1.19.6-1) unstable; urgency=low


  * New upstream security release (Closes: #706601):
    - SVG script filtering could be bypassed for Chrome and Firefox
      clients by using an encoding that MediaWiki understood, but these
      browsers interpreted as UTF-8. (CVE-2013-2031)
    - Internal review discovered that extensions were not given the
      opportunity to disable a password reset, which could lead to
      circumvention of two-factor authentication (CVE-2013-2032)

 -- Jonathan Wiltshire <email address hidden>  Sat, 11 May 2013 16:07:43 +0100
  • mediawiki (1:1.19.5-1) unstable; urgency=high


  [ Platonides ]
  * Update config URL in README.Debian (Closes: #703804)

  [ Thorsten Glaser ]
  * Re-add LocalSettings creation snippet for support of the
    mediawiki-extensions Debian packaging (Closes: #703852)
  * New upstream security-only release:
    - (bug 47251) SECURITY: Disable external entities in Import
    - (bug 46859) SECURITY: Disable external entities in XMLReader
    - (bug 46084) SECURITY: Sanitize $limitReport before outputting
    - (bug 43594) Fix notices displayed on PHP 5.4
    - (bug 40585) Don't drop 'step="any"' in HTML input fields.
  * Refresh patches against new upstream code

 -- Thorsten Glaser <email address hidden>  Tue, 16 Apr 2013 11:04:05 +0200