-
mediawiki (1:1.19.18+dfsg-0.1) unstable; urgency=high
* Non-maintainer upload with maintainers approval.
* Imported Upstream version 1.19.18+dfsg
(Closes: #758510)
- CVE-2014-5241 (bug 68187) SECURITY: Prepend jsonp callback with comment.
- CVE-2014-5243 (bug 65778) SECURITY: Copy prevent-clickjacking between
OutputPage and ParserOutput.
-- Salvatore Bonaccorso <email address hidden> Sun, 24 Aug 2014 06:47:35 +0200
-
mediawiki (1:1.19.17+dfsg-1) unstable; urgency=medium
* New upstream security and maintenance release:
- (bug 65839) SECURITY: Prevent external resources in SVG files.
- (bug 66428) MimeMagic: Don't seek before BOF. This has weird
side effects like only extracting the tail of the file partially
or not at all.
* Update lintian overrides
-- Thorsten Glaser <email address hidden> Thu, 26 Jun 2014 09:57:03 +0200
-
mediawiki (1:1.19.16+dfsg-1) unstable; urgency=medium
* New upstream security and maintenance release:
- CVE-2014-3966 (bug 65501) SECURITY: Don't parse usernames as
wikitext on Special:PasswordReset.
* Update debian/upstream/signing-key.asc
-- Thorsten Glaser <email address hidden> Wed, 11 Jun 2014 16:35:39 +0200
-
mediawiki (1:1.19.15+dfsg-2) unstable; urgency=high
* Depend on recent enough php5-common version to be able to use
php5{en,dis}mod in maintainer scripts (Closes: #743893)
* Urgency high because this rides on the previous security fix
-- Thorsten Glaser <email address hidden> Tue, 08 Apr 2014 09:46:46 +0200
-
mediawiki (1:1.19.14+dfsg-1) unstable; urgency=medium
* New upstream security fix release (Closes: #742857):
- (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword
- (bug 62467) Set a title for the context during import on the cli
* Use upstream-provided signing key bundle
-- Thorsten Glaser <email address hidden> Fri, 28 Mar 2014 09:56:29 +0100