-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: mediawiki Binary: mediawiki Architecture: all Version: 1:1.19.20+dfsg-0+deb7u3 Maintainer: Mediawiki Maintenance Team <[email protected]> Uploaders: Jonathan Wiltshire <[email protected]>, Thorsten Glaser <[email protected]> Homepage: http://www.mediawiki.org/ Standards-Version: 3.9.3 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mediawiki/mediawiki/branches/wheezy/ Vcs-Svn: svn://anonscm.debian.org/pkg-mediawiki/mediawiki/branches/wheezy/ Build-Depends: debhelper (>= 9), dh-buildinfo, ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf Package-List: mediawiki deb web optional Checksums-Sha1: d6f73d41b4c1cdc88870dadfc32405f7f149c054 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz 23e1e541bd8f503f1d57974225b2d195ffd8b27f 68253 mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz Checksums-Sha256: 0c263ad5e869bbb94c5d4901f89795c52a45fc59a7c6b2fbcac67a9935f3c544 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz d59f8f9278ee62540e012e7b52a4d86f691ebc7bd978c794f6d811265d88e34d 68253 mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz Files: bfd6477e017ae32c787d16adddac66a2 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz 8e4ee6766d04bbfa14ea812e471d3b5a 68253 mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJUlrlJAAoJEBC+iYPz1Z1kK2YH/18p0gIKP9rD7DgXrAzfmv/F Wl0iN/m0b/53rNmxpVFIefDKie851PbsxuajaAW6uxsaD52j/Ffzl1g9VuFd9hty LKkHtWWZSfhuRzi/xCGiM1YONXrDyLfFOz6APH0N2cQPTs+k2DMk8ith42NokViy F7AoBpZPV/9HByDyC2TvnxqigEsUY35O5k79QPrB7UAoNqdbI04vJznCXJEJWiiC XLlSPVCvbCMidqUim2r0FAdxBuGqyn22xa0617yS/q4TDA5JH26n4XvDcL+TI7kE 6AxgudHZ+DuvmSkKw3k0m7Rtz/pfb2UReKB2woP3l2xKMCXjYIed2/goOYxulHc= =OE4a -----END PGP SIGNATURE----- Changes: mediawiki (1:1.19.20+dfsg-0+deb7u3) wheezy-security; urgency=medium * CVE-2014-9277: Fix regression introduced by previous patch. * Add patch fixing T76686: thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this. -- Sebastien Delafond <[email protected]> Sun, 21 Dec 2014 13:03:27 +0100
