Publishing details

Removed from disk on 2018-01-22.
Removal requested on 2015-12-21.
Deleted on 2015-12-21 by Colin Watson
(From Debian) RoQA; not suitable for a stable release, outdated version; Debian bug #805588
Published on 2015-10-22
Copied from debian sid in Primary Archive for Debian GNU/Linux

Changelog

mediawiki (1:1.19.20+dfsg-2.3) unstable; urgency=high


  * Non-maintainer upload.
  * Add patch fixing several security issues:
    - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
       contain XML entities, to prevent various DoS attacks.
    - (bug T88310) SECURITY: Always expand xml entities when checking
      SVG's.
    - (bug T73394) SECURITY: Escape > in Html::expandAttributes to
      prevent XSS.
    - (bug T85855) SECURITY: Don't execute another user's CSS or JS
      on preview.
    - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
      fixed in SVG filtering to prevent XSS and protect viewer's
      privacy.

 -- Thijs Kinkhorst <email address hidden>  Mon, 06 Apr 2015 16:53:54 +0000

Available diffs

diff from 1:1.19.20+dfsg-2.2 to 1:1.19.20+dfsg-2.3 (7.6 KiB)

Builds

Package files

mediawiki-classes_1.19.20+dfsg-2.3_all.deb (37.5 KiB)
mediawiki_1.19.20+dfsg-2.3.debian.tar.xz (67.8 KiB)
mediawiki_1.19.20+dfsg-2.3.dsc (1.7 KiB)
mediawiki_1.19.20+dfsg-2.3_all.deb (11.1 MiB)
mediawiki_1.19.20+dfsg.orig.tar.xz (11.1 MiB)