-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: mediawiki Binary: mediawiki, mediawiki-classes Architecture: all Version: 1:1.19.20+dfsg-2.3 Maintainer: Mediawiki Maintenance Team <[email protected]> Uploaders: Jonathan Wiltshire <[email protected]> Homepage: http://www.mediawiki.org/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mediawiki/mediawiki/trunk/ Vcs-Svn: svn://anonscm.debian.org/pkg-mediawiki/mediawiki/trunk/ Build-Depends: debhelper (>= 9), dh-buildinfo, ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf Package-List: mediawiki deb web optional arch=all mediawiki-classes deb web optional arch=all Checksums-Sha1: d6f73d41b4c1cdc88870dadfc32405f7f149c054 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz 0a10955bba150af86b8e5ca6cd3593bd697d5e96 69440 mediawiki_1.19.20+dfsg-2.3.debian.tar.xz Checksums-Sha256: 0c263ad5e869bbb94c5d4901f89795c52a45fc59a7c6b2fbcac67a9935f3c544 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz 5e42586bb35af3daeb5a85f47caf0e50684c1f36644e2772802d6b7919f48948 69440 mediawiki_1.19.20+dfsg-2.3.debian.tar.xz Files: bfd6477e017ae32c787d16adddac66a2 11632368 mediawiki_1.19.20+dfsg.orig.tar.xz 909a19d9d9dc5a0af18c7b4d574f3788 69440 mediawiki_1.19.20+dfsg-2.3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJVIr1nAAoJEFb2GnlAHawEx6wIAI85DOZs6tuj5Lg71q4GAcp4 y3NknlVtMWYgul25rwV9tahGZTMRzvAmvplKgp3NPn4+7Vft67o0lOCC5w+tG1+S qQQx9TjUKmEZSg8sLVngpABz2S8qMDlUTHAC5GY3M/pCJDcwBS+Wwvn0nI9m5CuO /Ex9S1PmwKgwCj0Gg9nGA+dDSmRCzeChpqydHhKlm7v2+kDNOY2uzb9xwvarIRMV LPmsh8xDWa9XFVlismhpmf9Zvtcqe2Lx1/SwWX4BK83tNHpHk92DceYky1BhDfF5 MZk43L5HvaWPljuOU2sB9ih92NFDkfs3KC8jKUPpWBP84rQjpfiawhs9pQOXukg= =IxmP -----END PGP SIGNATURE----- Changes: mediawiki (1:1.19.20+dfsg-2.3) unstable; urgency=high * Non-maintainer upload. * Add patch fixing several security issues: - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks. - (bug T88310) SECURITY: Always expand xml entities when checking SVG's. - (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. - (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview. - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy. -- Thijs Kinkhorst <[email protected]> Mon, 06 Apr 2015 16:53:54 +0000
