[Pkg-mediawiki-commits] r415 - in mediawiki-extensions/branches/wheezy/debian: . patches
Thorsten Glaser
tg at alioth.debian.org
Sat Dec 29 19:13:30 UTC 2012
Author: tg
Date: 2012-12-29 19:13:29 +0000 (Sat, 29 Dec 2012)
New Revision: 415
Modified:
mediawiki-extensions/branches/wheezy/debian/changelog
mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
Log:
prepare for upload, with changed RSS_Reader version number
- still no CVE ID yet
- I will change the code on the MW website and then
rebase our patches against that, but only in the
trunk, not in the wheezy branch, to ease review
- jmw will write a DSA
Modified: mediawiki-extensions/branches/wheezy/debian/changelog
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/changelog 2012-12-19 13:30:24 UTC (rev 414)
+++ mediawiki-extensions/branches/wheezy/debian/changelog 2012-12-29 19:13:29 UTC (rev 415)
@@ -1,3 +1,12 @@
+mediawiki-extensions (2.11) unstable; urgency=medium
+
+ * RSS_Reader: correctly sanitise the message body as well,
+ fixes another injection and HTML validity (the bodies are
+ not normally shown though, so only medium urgency); same
+ as 2.10; no CVE identifier yet (Closes: #696179)
+
+ -- Thorsten Glaser <tg at mirbsd.de> Sat, 29 Dec 2012 19:12:39 +0100
+
mediawiki-extensions (2.10) unstable; urgency=high
* RSS_Reader: fix Javascript injection (Closes: #696179)
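Review bot: In the new 2.11 entry, "same as 2.10" does not say what is the same (the bug, the code path or the missing CVE status), and the entry repeats Closes: #696179, which the 2.10 entry below already closes. Spell out the relation to the 2.10 fix in the entry, and mention the RSS_Reader version bump to 0.2.6 that the patch description introduces, so the changelog alone tells a reader which extension version carries the body sanitisation. The entry also needs the CVE identifier added once one is assigned, since both the log message and the entry note it is still missing.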
Modified: mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch 2012-12-19 13:30:24 UTC (rev 414)
+++ mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch 2012-12-29 19:13:29 UTC (rev 415)
@@ -16,13 +16,17 @@
Also add documentation of these changes as README.Debian and point to
upstream's documentation in form of a wikipage.
+Bump the version to 0.2.6 to denote fixing the RSS title and body
+input sanitisation vulnerability, but do not rebase against the new
+upstream version to keep the diff small.
+
--- a/dist/mediawiki-extensions-base/usr/share/mediawiki-extensions/base/RSS_Reader/RSSReader.php
+++ b/dist/mediawiki-extensions-base/usr/share/mediawiki-extensions/base/RSS_Reader/RSSReader.php
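Review bot: The added description paragraph bumps the reported version to 0.2.6 while explicitly not rebasing against the new upstream version, so the number alone will not tell an auditor which code base is installed. State in this description, or in the README.Debian mentioned in the context lines above, which upstream version the patched code is based on and that 0.2.6 here marks only the title and body sanitisation fix.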
@@ -22,10 +22,11 @@ if ( !defined('MEDIAWIKI') ) {
}
$wgExtensionFunctions[] = 'efRSSReader';
-+$wgRSSReaderExtVersion = '0.2.5';
++$wgRSSReaderExtVersion = '0.2.6';
$wgExtensionCredits['parserhook'][] = array(
'name' => 'RSS Reader',
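Review bot: The only code change in this hunk is the version string going from '0.2.5' to '0.2.6'; none of the lines shown in this revision touch the message-body sanitisation that the 2.11 changelog entry announces. Confirm that the body sanitisation is already present in fix_rssreader.patch as of rev 414, and if it is not, add it before upload so the 0.2.6 marker is not attached to code that lacks the fix.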