-
mediawiki (1:1.15.5-7) unstable; urgency=high
* debian/patches/CVE-2011-4360.patch: remove – the information
disclosure does not happen on 1.15 and the patch would not
work anyway because the OutputPage object has no setTitle
method (this prevents a PHP fatal error when someone has no
permissions, instead reverting to the pre-1:1.15.5-4 behaviour
of showing a page asking the user to log in)
-- Thorsten Glaser <email address hidden> Fri, 20 Jan 2012 17:13:28 +0100
-
mediawiki (1:1.15.5-5) unstable; urgency=high
* Security fixes from upstream:
CVE-2011-1578 - XSS for IE <= 6
CVE-2011-1579 - CSS validation error in wikitext parser
CVE-2011-1580 - access control checks on transwiki import feature
CVE-2011-1587 - fix incomplete patch for CVE-2011-1578
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 26 Dec 2011 17:50:13 +0000
-
mediawiki (1:1.15.5-4) unstable; urgency=low
[ Thorsten Glaser ]
* debian/patches/fix_invalid_sql.patch: new (Closes: #615983)
[ Jonathan Wiltshire ]
* Security fixes from upstream (Closes: #650434):
CVE-2011-4360 - page titles on private wikis could be exposed
by passing different page ids to index.php
CVE-2011-4361 - action=ajax requests were dispatched to the
relevant function without any read permission checks being done
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 05 Dec 2011 11:01:33 +0000
-
mediawiki (1:1.15.5-3build1) oneiric; urgency=low
* Rebuild to pick up armel ocaml fixes.
-- Adam Conrad <email address hidden> Fri, 19 Aug 2011 13:29:06 -0600