[Pkg-mediawiki-commits] r424 - in mediawiki-extensions: branches/squeeze/debian branches/squeeze/debian/patches branches/wheezy/debian branches/wheezy/debian/patches trunk/debian
Thorsten Glaser
tg at alioth.debian.org
Mon Dec 31 16:30:04 UTC 2012
Author: tg
Date: 2012-12-31 16:30:04 +0000 (Mon, 31 Dec 2012)
New Revision: 424
Modified:
mediawiki-extensions/branches/squeeze/debian/changelog
mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch
mediawiki-extensions/branches/wheezy/debian/changelog
mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
mediawiki-extensions/trunk/debian/changelog
Log:
mention the CVE identifier everywhere (the packages are uploaded already, no problem, this way we’ll have it tracked for the future)
Modified: mediawiki-extensions/branches/squeeze/debian/changelog
===================================================================
--- mediawiki-extensions/branches/squeeze/debian/changelog 2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/squeeze/debian/changelog 2012-12-31 16:30:04 UTC (rev 424)
@@ -1,7 +1,7 @@
mediawiki-extensions (2.3squeeze2) stable-security; urgency=high
* RSSReader: Protect against an injection attack by malicious
- feeds (CLoses: #696179)
+ feeds; CVE-2012-6453 (CLoses: #696179)
-- Jonathan Wiltshire <jmw at debian.org> Sun, 30 Dec 2012 14:15:58 +0000
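Review bot: the rewritten line in the 2.3squeeze2 entry keeps the "CLoses:" capitalisation typo; since the line is being touched anyway, spell it "Closes: #696179" as the wheezy and trunk changelogs in this commit do. The commit log also says the packages are already uploaded, so after this change the repository's 2.3squeeze2 entry no longer matches the changelog shipped in the uploaded package; that is worth stating in the log message so a later diff against the archive is not a surprise.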
Modified: mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch
===================================================================
--- mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch 2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch 2012-12-31 16:30:04 UTC (rev 424)
@@ -7,6 +7,7 @@
* fix rendering path to CSS
* make work with PHP 5.3
* stop using $rss->unhtmlentities and sanitise RSS bodies correctly
+* fix CVE-2012-6453
Also add documentation of these changes as README.Debian and point to
upstream's documentation in form of a wikipage.
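Review bot: the new bullet "* fix CVE-2012-6453" sits alone at the end of the list and does not say which of the listed changes addresses the CVE. The wheezy copy of this patch header attaches the identifier to a specific item; do the same here by appending "(CVE-2012-6453)" to the bullet that describes the fix, so the squeeze and wheezy headers can be compared line by line.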
Modified: mediawiki-extensions/branches/wheezy/debian/changelog
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/changelog 2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/wheezy/debian/changelog 2012-12-31 16:30:04 UTC (rev 424)
@@ -3,7 +3,7 @@
* RSS_Reader: correctly sanitise the message body as well,
fixes another injection and HTML validity (the bodies are
not normally shown though, so only medium urgency); same
- as 2.10; no CVE identifier yet (Closes: #696179)
+ as 2.10; CVE-2012-6453 (Closes: #696179)
-- Thorsten Glaser <tg at mirbsd.de> Sat, 29 Dec 2012 19:12:39 +0100
Modified: mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch 2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch 2012-12-31 16:30:04 UTC (rev 424)
@@ -11,6 +11,7 @@
* XHTML/1.0 Transitional validity of output
* fix a bunch of PHP warnings
* fix a user security issue wrt. HTML in RSS <title>s
+ (CVE-2012-6453)
* stop using $rss->unhtmlentities and sanitise RSS bodies correctly
Also add documentation of these changes as README.Debian and point to
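Review bot: the added "(CVE-2012-6453)" continuation ties the identifier to the RSS <title> item, while the wheezy debian/changelog hunk in this same commit puts it on the entry about sanitising the message body. Say in one place which issue the CVE covers (or that it covers both) and word the patch header and the changelog consistently.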
Modified: mediawiki-extensions/trunk/debian/changelog
===================================================================
--- mediawiki-extensions/trunk/debian/changelog 2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/trunk/debian/changelog 2012-12-31 16:30:04 UTC (rev 424)
@@ -1,6 +1,7 @@
mediawiki-extensions (3.2) experimental; urgency=medium
* Merge mediawiki-extensions (2.11) upload (Closes: #696179)
+ * CVE-2012-6453
* Rebase RSS_Reader extension against new upstream version
-- Thorsten Glaser <tg at mirbsd.de> Sat, 29 Dec 2012 23:39:12 +0100
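Review bot: the added "* CVE-2012-6453" bullet in the 3.2 entry has no verb or description, so a reader cannot tell what this upload does about the CVE. Either name the identifier on the merge line above it or write it as a statement such as "Fixes CVE-2012-6453", matching how the squeeze and wheezy entries attach it to the change that addresses it.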