-
mediawiki (1:1.19.14+dfsg-1) unstable; urgency=medium
* New upstream security fix release (Closes: #742857):
- (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword
- (bug 62467) Set a title for the context during import on the cli
* Use upstream-provided signing key bundle
-- Thorsten Glaser <email address hidden> Fri, 28 Mar 2014 09:56:29 +0100
-
mediawiki (1:1.19.11+dfsg-1) unstable; urgency=medium
* New upstream security fix release:
- CVE-2014-1610 (bug 60339) remote code exec in Djvu thumbnailer
* Update upstream signing key location to devscript maintainers’
latest whim…
* Rely on uscan in get-orig-source instead of downloading manually
-- Thorsten Glaser <email address hidden> Wed, 29 Jan 2014 10:10:39 +0100
-
mediawiki (1:1.19.10+dfsg-1) unstable; urgency=high
* New upstream security fix release:
- CVE-2013-4568 (bug 58088) Don't normalize U+FF3C to \ in CSS Checks
- CVE-2013-6452 (bug 57550) Disallow stylesheets in SVG Uploads
- CVE-2013-6453 (bug 58553) Return error on invalid XML for SVG Uploads
- CVE-2013-6454 (bug 58472) Disallow -o-link in styles
- CVE-2013-6472 (bug 58699) Fix RevDel log entry information leaks
-- Thorsten Glaser <email address hidden> Tue, 14 Jan 2014 10:51:35 +0100
-
mediawiki (1:1.19.9+dfsg-2) unstable; urgency=medium
* Ship files in /etc/mediawiki-extensions/extensions-available/
for extensions shipped with the mediawiki core
* Correct typo in changelog for 1:1.19.9+dfsg-1
-- Thorsten Glaser <email address hidden> Tue, 31 Dec 2013 14:00:37 +0100
-
mediawiki (1:1.19.8+dfsg-2.2) unstable; urgency=high
* Non-maintainer upload
* Security fixes (Closes: #729629):
- Kevin Israel (Wikipedia user PleaseStand) identified and reported two
vectors for injecting Javascript in CSS that bypassed MediaWiki's
blacklist [CVE-2013-4567, CVE-2013-4568]
- Internal review while debugging a site issue discovered that MediaWiki
and the CentralNotice extension were incorrectly setting cache headers
when a user was autocreated, causing the user's session cookies to be
cached, and returned to other users [CVE-2013-4572]
* New Polish debconf translation, thanks to Magdalena Z. Kubot
(Closes: #731381)
-- David Prévot <email address hidden> Sun, 08 Dec 2013 16:13:40 -0400
-
mediawiki (1:1.19.8+dfsg-2.1) unstable; urgency=low
* Provide includes/libs in mediawiki-classes (Closes: #703837)
-- David Prévot <email address hidden> Wed, 23 Oct 2013 11:29:27 -0400
-
mediawiki (1:1.19.8+dfsg-2) unstable; urgency=low
[ Thorsten Glaser ]
* debian/rules: get-orig-source now leaves the repacked origtgz
in ./ ipv in ./debian/ according to Policy §4.9 (noticed by
Natureshadow)
* Add version guards to apache.conf
[ Jonathan Wiltshire ]
* Update apache.conf for Apache 2.4 syntax changes, and document
in debian/NEWS (Closes: #723620, #669832)
-- Jonathan Wiltshire <email address hidden> Tue, 24 Sep 2013 19:04:42 +0100
-
mediawiki (1:1.19.8+dfsg-1) unstable; urgency=low
* mediawiki-math is now called mediawiki-extensions-math
⇒ update the package relationship fields
* Make my self-drawn CC images nicer and more consistent
* New upstream security release
* Secure the default images directory (Closes: #716884)
* Allow PDF upload (Closes: #716957)
* Nuke ref to ENOENT dir (Closes: #705107)
* Update debian/copyright information
* Pull upstream patch to fix variables (Closes: #709943)
* Sort patches ASCIIbetically; refresh them against new version
* For Apache 2.4, move configuration file (Closes: #669832)
-- Thorsten Glaser <email address hidden> Thu, 05 Sep 2013 17:07:53 +0200