[Pkg-mediawiki-commits] r424 - in mediawiki-extensions: branches/squeeze/debian branches/squeeze/debian/patches branches/wheezy/debian branches/wheezy/debian/patches trunk/debian

Thorsten Glaser tg at alioth.debian.org
Mon Dec 31 16:30:04 UTC 2012


Author: tg
Date: 2012-12-31 16:30:04 +0000 (Mon, 31 Dec 2012)
New Revision: 424

Modified:
   mediawiki-extensions/branches/squeeze/debian/changelog
   mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch
   mediawiki-extensions/branches/wheezy/debian/changelog
   mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
   mediawiki-extensions/trunk/debian/changelog
Log:
mention the CVE identifier everywhere (the packages are uploaded already, no problem, this way we’ll have it tracked for the future)

Modified: mediawiki-extensions/branches/squeeze/debian/changelog
===================================================================
--- mediawiki-extensions/branches/squeeze/debian/changelog	2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/squeeze/debian/changelog	2012-12-31 16:30:04 UTC (rev 424)
@@ -1,7 +1,7 @@
 mediawiki-extensions (2.3squeeze2) stable-security; urgency=high
 
   * RSSReader: Protect against an injection attack by malicious
-    feeds (CLoses: #696179)
+    feeds; CVE-2012-6453 (CLoses: #696179)
 
  -- Jonathan Wiltshire <jmw at debian.org>  Sun, 30 Dec 2012 14:15:58 +0000
 
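Review bot: the rewritten line still carries the mis-capitalised "CLoses:" from the line it replaces. Since this line is being touched anyway, spell it "Closes: #696179" as the wheezy entry does, so both branches read the same when someone greps for the bug number next to CVE-2012-6453.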

Modified: mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch
===================================================================
--- mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch	2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/squeeze/debian/patches/fix_rssreader.patch	2012-12-31 16:30:04 UTC (rev 424)
@@ -7,6 +7,7 @@
 * fix rendering path to CSS
 * make work with PHP 5.3
 * stop using $rss->unhtmlentities and sanitise RSS bodies correctly
+* fix CVE-2012-6453
 
 Also add documentation of these changes as README.Debian and point to
 upstream's documentation in form of a wikipage.
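Review bot: the new "* fix CVE-2012-6453" bullet stands on its own in the list, so a reader of the patch header cannot tell which code change it refers to or whether it is a separate change from the "sanitise RSS bodies correctly" item just above it. The wheezy copy of this patch header attaches the identifier to a specific item; doing the same here (appending "(CVE-2012-6453)" to the bullet that describes the fix) would keep the two headers consistent and make the mapping explicit.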

Modified: mediawiki-extensions/branches/wheezy/debian/changelog
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/changelog	2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/wheezy/debian/changelog	2012-12-31 16:30:04 UTC (rev 424)
@@ -3,7 +3,7 @@
   * RSS_Reader: correctly sanitise the message body as well,
     fixes another injection and HTML validity (the bodies are
     not normally shown though, so only medium urgency); same
-    as 2.10; no CVE identifier yet (Closes: #696179)
+    as 2.10; CVE-2012-6453 (Closes: #696179)
 
  -- Thorsten Glaser <tg at mirbsd.de>  Sat, 29 Dec 2012 19:12:39 +0100
 
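Review bot: after this change the identifier sits at the end of an entry about sanitising the message body ("fixes another injection ... same as 2.10; CVE-2012-6453"), while the wheezy patch header in this same revision ties CVE-2012-6453 to the "HTML in RSS <title>s" issue. It is not clear from the entry whether the CVE covers the body injection, the title injection, or both. Suggest wording the entry so the identifier is attached to the specific issue it was assigned for.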

Modified: mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch	2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/branches/wheezy/debian/patches/fix_rssreader.patch	2012-12-31 16:30:04 UTC (rev 424)
@@ -11,6 +11,7 @@
 * XHTML/1.0 Transitional validity of output
 * fix a bunch of PHP warnings
 * fix a user security issue wrt. HTML in RSS <title>s
+  (CVE-2012-6453)
 * stop using $rss->unhtmlentities and sanitise RSS bodies correctly
 
 Also add documentation of these changes as README.Debian and point to

Modified: mediawiki-extensions/trunk/debian/changelog
===================================================================
--- mediawiki-extensions/trunk/debian/changelog	2012-12-30 14:33:33 UTC (rev 423)
+++ mediawiki-extensions/trunk/debian/changelog	2012-12-31 16:30:04 UTC (rev 424)
@@ -1,6 +1,7 @@
 mediawiki-extensions (3.2) experimental; urgency=medium
 
   * Merge mediawiki-extensions (2.11) upload (Closes: #696179)
+  * CVE-2012-6453
   * Rebase RSS_Reader extension against new upstream version
 
  -- Thorsten Glaser <tg at mirbsd.de>  Sat, 29 Dec 2012 23:39:12 +0100
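Review bot: the added "* CVE-2012-6453" bullet is a bare identifier with no component or description, so the 3.2 entry does not say what was fixed or in which extension. Suggest either folding it into the merge line above it, for example "Merge mediawiki-extensions (2.11) upload; CVE-2012-6453 (Closes: #696179)", or naming the affected extension in the bullet, so the entry is meaningful when read without the 2.11 changelog at hand.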



