
Accepted ikiwiki 3.20120629.2+deb7u1 (all source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 May 2016 22:38:35 +0100
Source: ikiwiki
Binary: ikiwiki
Architecture: all source
Version: 3.20120629.2+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Simon McVittie <smcv@debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description: 
 ikiwiki    - a wiki compiler
Changes:
 ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium
 .
   * HTML-escape error messages, in one case avoiding potential cross-site
     scripting (CVE-2016-4561, OVE-20160505-0012)
   * Update img plugin to version 3.20160509 to mitigate ImageMagick
     vulnerabilities, including remote code execution (CVE-2016-3714):
     - Never convert SVG images to PNG; simply pass them through to the
       browser. This prevents exploitation of any ImageMagick SVG coder
       vulnerabilities. (joeyh)
     - Do not resize image formats other than JPEG, PNG, GIF unless
       specifically configured to do so. This prevents exploitation
       of any vulnerabilities in less common coders, such as MVG.
       (schmonz, smcv)
     - Do not resize JPEG, PNG, GIF, PDF images if their extensions do
       not match their "magic numbers", because wiki admins might try to
       restrict attachments by extension, but ImageMagick can base its
       choice of coder on the magic number. Explicitly force the
       obvious ImageMagick coder to be used. (smcv)
   * Minor non-security changes resulting from that update, since
     reverting them seems higher-risk than keeping them:
     - Add PDF support, disabled by the above changes unless specifically
       configured (chrysn)
     - Only render one frame or page from animated GIF or multi-page PDF
       (chrysn)
     - Do not distort aspect ratio when resizing small images (chrysn)
     - Use data: URLs to embed images in page previews (chrysn)
     - Raise an error if the image's size cannot be determined (chrysn)
     - Handle filenames containing a colon correctly (smcv)
   * Add t/img.t regression test also taken from version 3.20160506
     (chrysn, joeyh, schmonz, smcv)
   * debian/tests: add metadata to run the img test as an autopkgtest
Checksums-Sha1: 
 f46cd8f9668b4c584683c32427d822a20118f37e 1853 ikiwiki_3.20120629.2+deb7u1.dsc
 2acfcb2b7aeb8d13434a813977a29341b52cf3fa 2786046 ikiwiki_3.20120629.2+deb7u1.tar.gz
 6c781ddd14070dcf9f664a79a760875ac79fe04b 1804326 ikiwiki_3.20120629.2+deb7u1_all.deb
Checksums-Sha256: 
 8396d1e28cdc838000e94c04bbd0d1df02841c535eaa778ae269c2cf5ef6b5b7 1853 ikiwiki_3.20120629.2+deb7u1.dsc
 2e8c494f3b1fbc9fcb12f03a6453f5ee37da7e83489ac3c23c630b602f1c7638 2786046 ikiwiki_3.20120629.2+deb7u1.tar.gz
 259975640bf1d621b0c624a8305d93d6a813cbdc6a9919e3a9c9f4ac4c33522e 1804326 ikiwiki_3.20120629.2+deb7u1_all.deb
Files: 
 5133ee90c2862a72c16986e7b8054c04 1853 web optional ikiwiki_3.20120629.2+deb7u1.dsc
 e59af543ba211f482de0fad663709f4f 2786046 web optional ikiwiki_3.20120629.2+deb7u1.tar.gz
 f3e41c0123af8a56b71fffb323497445 1804326 web optional ikiwiki_3.20120629.2+deb7u1_all.deb

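
The img plugin policy described in the changelog above, sketched as an added Python example (not ikiwiki's own Perl code and not part of this upload). The function name `plan_image`, its return values and the `extra_formats` parameter are hypothetical; the `coder:filename` input form is ImageMagick's syntax for forcing a specific coder.

```python
import os

# Leading bytes ("magic numbers") of the formats the changelog names.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
EXT_TO_FORMAT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
                 ".gif": "gif", ".pdf": "pdf", ".svg": "svg"}
DEFAULT_RESIZABLE = frozenset({"jpeg", "png", "gif"})


def plan_image(filename, head, extra_formats=frozenset()):
    """Decide what to do with an attachment before ImageMagick sees it.

    Returns (action, argument):
      "resize"      -> argument is the coder-prefixed ImageMagick input
      "passthrough" -> serve the file unmodified (SVG is never converted)
      "skip"        -> do not resize; argument says why
    `head` is the first bytes of the file. `extra_formats` models the wiki
    admin opting in to more formats, e.g. {"pdf"} (hypothetical parameter).
    """
    ext = os.path.splitext(filename)[1].lower()
    fmt = EXT_TO_FORMAT.get(ext)
    if fmt == "svg":
        return ("passthrough", filename)
    if fmt is None or fmt not in DEFAULT_RESIZABLE | set(extra_formats):
        return ("skip", "format not enabled for resizing")
    # The extension alone is not trusted: the content must agree with it.
    if not head.startswith(MAGIC[fmt]):
        return ("skip", "extension does not match magic number")
    # Name the coder explicitly so ImageMagick does not pick one itself.
    return ("resize", f"{fmt}:{filename}")


if __name__ == "__main__":
    # Constructed sample inputs: (filename, first bytes of the file).
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("upload.png", b"<svg xmlns='http://www.w3.org/2000/svg'>"),
        ("manual.pdf", b"%PDF-1.4\n"),
        ("logo.svg", b"<svg xmlns='http://www.w3.org/2000/svg'>"),
    ]
    for name, head in samples:
        print(name, plan_image(name, head))
```
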