(From Debian) RoQA; not suitable for a stable release, outdated version; Debian bug #805588
mediawiki (1:1.19.20+dfsg-2.3) unstable; urgency=high * Non-maintainer upload. * Add patch fixing several security issues: - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks. - (bug T88310) SECURITY: Always expand xml entities when checking SVG's. - (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. - (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview. - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy. -- Thijs Kinkhorst <email address hidden> Mon, 06 Apr 2015 16:53:54 +0000