[Pkg-mediawiki-commits] r436 - in mediawiki: tarballs trunk/debian trunk/debian/patches
Jonathan Wiltshire
jmw at alioth.debian.org
Sat May 11 15:04:28 UTC 2013
Author: jmw
Date: 2013-05-11 15:04:28 +0000 (Sat, 11 May 2013)
New Revision: 436
Added:
mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
Modified:
mediawiki/trunk/debian/changelog
mediawiki/trunk/debian/patches/suppress_warnings.patch
Log:
New upstream security release
Added: mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
===================================================================
(Binary files differ)
Property changes on: mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: mediawiki/trunk/debian/changelog
===================================================================
--- mediawiki/trunk/debian/changelog 2013-04-16 09:19:57 UTC (rev 435)
+++ mediawiki/trunk/debian/changelog 2013-05-11 15:04:28 UTC (rev 436)
@@ -1,3 +1,15 @@
+mediawiki (1:1.19.6-1) UNRELEASED; urgency=low
+
+ * New upstream security release (Closes: #706601):
+ - SVG script filtering could be bypassed for Chrome and Firefox
+ clients by using an encoding that MediaWiki understood, but these
+ browsers interpreted as UTF-8. (CVE-2013-2031)
+ - Internal review discovered that extensions were not given the
+ opportunity to disable a password reset, which could lead to
+ circumvention of two-factor authentication (CVE-2013-2032)
+
+ -- Jonathan Wiltshire <jmw at debian.org> Sat, 11 May 2013 15:33:18 +0100
+
mediawiki (1:1.19.5-1) unstable; urgency=high
[ Platonides ]
Modified: mediawiki/trunk/debian/patches/suppress_warnings.patch
===================================================================
--- mediawiki/trunk/debian/patches/suppress_warnings.patch 2013-04-16 09:19:57 UTC (rev 435)
+++ mediawiki/trunk/debian/patches/suppress_warnings.patch 2013-05-11 15:04:28 UTC (rev 436)
@@ -2,9 +2,9 @@
Suppress warnings from being run within FusionForge’s gforge-plugin-mediawiki
---- a/includes/GlobalFunctions.php
-+++ b/includes/GlobalFunctions.php
-@@ -2199,7 +2199,9 @@ function wfNegotiateType( $cprefs, $spre
+--- mediawiki-1.19.6.orig/includes/GlobalFunctions.php
++++ mediawiki-1.19.6/includes/GlobalFunctions.php
+@@ -2199,7 +2199,9 @@
*
* @param $end Bool
*/
@@ -14,7 +14,7 @@
static $suppressCount = 0;
static $originalLevel = false;
-@@ -2208,6 +2210,7 @@ function wfSuppressWarnings( $end = fals
+@@ -2208,6 +2210,7 @@
--$suppressCount;
if ( !$suppressCount ) {
error_reporting( $originalLevel );
@@ -22,15 +22,15 @@
}
}
} else {
-@@ -2217,6 +2220,7 @@ function wfSuppressWarnings( $end = fals
- define( 'E_DEPRECATED', 8192 );
+@@ -2220,6 +2223,7 @@
+ define( 'E_USER_DEPRECATED', 16384 );
}
$originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT ) );
+ $wf__warnings_suppressed = true;
}
++$suppressCount;
}
-@@ -3371,7 +3375,7 @@ function wfSetupSession( $sessionId = fa
+@@ -3374,7 +3378,7 @@
wfFixSessionID();
}
wfSuppressWarnings();
More information about the Pkg-mediawiki-commits
mailing list