Accepted mediawiki 1:1.19.11+dfsg-0+deb7u1 (source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Format: 1.8
Date: Mon, 10 Feb 2014 13:07:38 +0100
Source: mediawiki
Binary: mediawiki
Architecture: source all
Version: 1:1.19.11+dfsg-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Thorsten Glaser <tg@mirbsd.de>
Description: 
 mediawiki  - website engine for collaborative work
Closes: 706601 716884 719208 729629
Changes: 
 mediawiki (1:1.19.11+dfsg-0+deb7u1) wheezy-security; urgency=high
 .
   [ Thorsten Glaser ]
   * New upstream security fix release (Closes: #729629, #706601):
     - CVE-2014-1610 (bug 60339) remote code exec in Djvu thumbnailer
     - CVE-2013-4568 (bug 58088) Don't normalize U+FF3C to \ in CSS Checks
     - CVE-2013-6452 (bug 57550) Disallow stylesheets in SVG Uploads
     - CVE-2013-6453 (bug 58553) Return error on invalid XML for SVG Uploads
     - CVE-2013-6454 (bug 58472) Disallow -o-link in styles
     - CVE-2013-6472 (bug 58699) Fix RevDel log entry information leaks
     - CVE-2013-4572 (bug 53032) Don't cache when a call could autocreate
     - CVE-2013-4567 (bug 55332) Vertical tab allows bypassing filters
     - CVE-2013-4568 (bug 55332) "expression" filtering in IE6 bypass
     - SVG script filtering could be bypassed for Chrome and Firefox
       clients by using an encoding that MediaWiki understood, but these
       browsers interpreted as UTF-8. (CVE-2013-2031)
     - Internal review discovered that extensions were not given the
       opportunity to disable a password reset, which could lead to
       circumvention of two-factor authentication (CVE-2013-2032)
     - (and others)
   * Replace trademarked image files by self-drawn Free ones
   * Secure the default images directory (Closes: #716884)
   * Handle /var/lib/mediawiki/extensions/* always as symlinks, for
     both core and extra extensions, with upgrade path (Closes: #719208)
   * Ship files in /etc/mediawiki-extensions/extensions-available/
     for extensions shipped with the mediawiki core
   * Change watch file to track upstream LTS version
   * debian/control: Change VCS-* URLs (unbreak; point to stable)
   * Update copyright file with things noted by Paul Tagliamonte, thanks!
   * Refresh one patch to make it apply cleanly against 1.19.11
 .
   [ Florian Weimer ]
   * Add “Replaces: mediawiki-extensions-confirmedit”
Checksums-Sha1: 
 c61b517425027bc44be1f6dbc6a72ff353152347 2188 mediawiki_1.19.11+dfsg-0+deb7u1.dsc
 42d4fa35c6ff582219b180cb69d4099d59eca4f3 12189368 mediawiki_1.19.11+dfsg.orig.tar.xz
 033ec597f6cd62848da7ee96345a876489c763fc 50414 mediawiki_1.19.11+dfsg-0+deb7u1.debian.tar.gz
 28a2695bd847275cc22008365603e4ad5f9c323b 17927408 mediawiki_1.19.11+dfsg-0+deb7u1_all.deb
Checksums-Sha256: 
 d91815807eb61087e376b8fcfde170f51d59f6276e0481ed6188509a2bf37b5d 2188 mediawiki_1.19.11+dfsg-0+deb7u1.dsc
 14e36582b785269699285b52db3e9bf29ee76e19786250423cc45f0759444a4c 12189368 mediawiki_1.19.11+dfsg.orig.tar.xz
 0859ecb375816910f5db6494efdfbaa44c6617b59dad9e68d2c7af4023fa9288 50414 mediawiki_1.19.11+dfsg-0+deb7u1.debian.tar.gz
 8b3dbbbed99d384139cbd1b7809bf55c43964c2ff34c066ab706b0a0e2bde45c 17927408 mediawiki_1.19.11+dfsg-0+deb7u1_all.deb
Files: 
 1f37cd4cf3bc9d682c834a9e9b825c29 2188 web optional mediawiki_1.19.11+dfsg-0+deb7u1.dsc
 9094bd7f18c6beaf29d1122fa6fd16a2 12189368 web optional mediawiki_1.19.11+dfsg.orig.tar.xz
 7579dd8418ca77d2fc348fb939bab081 50414 web optional mediawiki_1.19.11+dfsg-0+deb7u1.debian.tar.gz
 c7275d12037419139ed1cea6fe3d1835 17927408 web optional mediawiki_1.19.11+dfsg-0+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (MirBSD)
-----END PGP SIGNATURE-----