-
mediawiki (1:1.19.5-1) unstable; urgency=high
[ Platonides ]
* Update config URL in README.Debian (Closes: #703804)
[ Thorsten Glaser ]
* Re-add LocalSettings creation snippet for support of the
mediawiki-extensions Debian packaging (Closes: #703852)
* New upstream security-only release:
- (bug 47251) SECURITY: Disable external entities in Import
- (bug 46859) SECURITY: Disable external entities in XMLReader
- (bug 46084) SECURITY: Sanitize $limitReport before outputting
- (bug 43594) Fix notices displayed on PHP 5.4
- (bug 40585) Don't drop 'step="any"' in HTML input fields.
* Refresh patches against new upstream code
-- Thorsten Glaser <email address hidden> Tue, 16 Apr 2013 11:04:05 +0200
-
mediawiki (1:1.19.4-1) unstable; urgency=high
* Urgency high for security fix
* New upstream release:
- New preference type - 'api'. Preferences of this type are not shown
on Special:Preferences, but are still available via the
action=options API.
- (bug 44010) Context is passed to UserGetLanguageObject.
- The recursion guard on RequestContext::getLanguage() was weakened.
- (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
- (bug 43518) API action=unblock should return the user name, not the
full user object (Closes: #702305)
- Increase timeout values for some tests
-- Jonathan Wiltshire <email address hidden> Mon, 04 Mar 2013 23:06:30 +0000
-
mediawiki (1:1.19.3-2) unstable; urgency=low
* Add missing changelog entries to 1:1.19.3-1 upload (oops…)
* Upstream patch to fix XHTML issue in Special:Upload (BZ#40889)
* Upstream patch to fix another MySQLism (BZ#39635) (Closes: #700595)
* Update lintian overrides
-- Thorsten Glaser <email address hidden> Mon, 18 Feb 2013 10:24:08 +0100
-
mediawiki (1:1.19.3-1) unstable; urgency=high
[ Dominik George ]
* Team upload
* New upstream version fixes security issues (Closes: #694998)
+ Prevent session fixation in Special:UserLogin (CVE-2012-5391)
https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
+ Prevent linker regex from exceeding PCRE backtrack limit
https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
[ Thorsten Glaser ]
* Fix spelling error in README.Debian (thanks lintian!)
-- Dominik George <email address hidden> Wed, 12 Dec 2012 09:44:08 +0100
-
mediawiki (1:1.19.2-2) unstable; urgency=low
* debian/watch: mangle the epoch away so DDPO is green again
* Break mw-ext-fckeditor, it doesn’t work with 1.19 (Closes: #689375)
-- Thorsten Glaser <email address hidden> Tue, 02 Oct 2012 14:09:42 +0200