[Pkg-mediawiki-commits] r436 - in mediawiki: tarballs trunk/debian trunk/debian/patches

Jonathan Wiltshire jmw at alioth.debian.org
Sat May 11 15:04:28 UTC 2013


Author: jmw
Date: 2013-05-11 15:04:28 +0000 (Sat, 11 May 2013)
New Revision: 436

Added:
   mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
Modified:
   mediawiki/trunk/debian/changelog
   mediawiki/trunk/debian/patches/suppress_warnings.patch
Log:
New upstream security release

Added: mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
===================================================================
(Binary files differ)


Property changes on: mediawiki/tarballs/mediawiki_1.19.6.orig.tar.gz
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Modified: mediawiki/trunk/debian/changelog
===================================================================
--- mediawiki/trunk/debian/changelog	2013-04-16 09:19:57 UTC (rev 435)
+++ mediawiki/trunk/debian/changelog	2013-05-11 15:04:28 UTC (rev 436)
@@ -1,3 +1,15 @@
+mediawiki (1:1.19.6-1) UNRELEASED; urgency=low
+
+  * New upstream security release (Closes: #706601):
+    - SVG script filtering could be bypassed for Chrome and Firefox
+      clients by using an encoding that MediaWiki understood, but these
+      browsers interpreted as UTF-8. (CVE-2013-2031)
+    - Internal review discovered that extensions were not given the
+      opportunity to disable a password reset, which could lead to
+      circumvention of two-factor authentication (CVE-2013-2032)
+
+ -- Jonathan Wiltshire <jmw at debian.org>  Sat, 11 May 2013 15:33:18 +0100
+
 mediawiki (1:1.19.5-1) unstable; urgency=high
 
   [ Platonides ]

Modified: mediawiki/trunk/debian/patches/suppress_warnings.patch
===================================================================
--- mediawiki/trunk/debian/patches/suppress_warnings.patch	2013-04-16 09:19:57 UTC (rev 435)
+++ mediawiki/trunk/debian/patches/suppress_warnings.patch	2013-05-11 15:04:28 UTC (rev 436)
@@ -2,9 +2,9 @@
 
 Suppress warnings from being run within FusionForge’s gforge-plugin-mediawiki
 
---- a/includes/GlobalFunctions.php
-+++ b/includes/GlobalFunctions.php
-@@ -2199,7 +2199,9 @@ function wfNegotiateType( $cprefs, $spre
+--- mediawiki-1.19.6.orig/includes/GlobalFunctions.php
++++ mediawiki-1.19.6/includes/GlobalFunctions.php
+@@ -2199,7 +2199,9 @@
   *
   * @param $end Bool
   */
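Review bot: The refreshed inner patch header now embeds the upstream version (`--- mediawiki-1.19.6.orig/includes/GlobalFunctions.php`), and the inner `@@` lines lose their function context (`function wfNegotiateType(` here, `function wfSuppressWarnings(` and `function wfSetupSession(` in the two later hunks of this file). Every future upstream import will therefore rewrite these lines even when the patch content is unchanged, and a reader can no longer see from the patch alone which function the `error_reporting` masking lands in. Refreshing with `quilt refresh -p ab --no-timestamps --no-index` and `QUILT_DIFF_OPTS="--show-c-function"` would keep the earlier `--- a/includes/GlobalFunctions.php` form and keep security-release diffs of this patch limited to real offset or context changes.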
@@ -14,7 +14,7 @@
  	static $suppressCount = 0;
  	static $originalLevel = false;
  
-@@ -2208,6 +2210,7 @@ function wfSuppressWarnings( $end = fals
+@@ -2208,6 +2210,7 @@
  			--$suppressCount;
  			if ( !$suppressCount ) {
  				error_reporting( $originalLevel );
@@ -22,15 +22,15 @@
  			}
  		}
  	} else {
-@@ -2217,6 +2220,7 @@ function wfSuppressWarnings( $end = fals
- 				define( 'E_DEPRECATED', 8192 );
+@@ -2220,6 +2223,7 @@
+ 				define( 'E_USER_DEPRECATED', 16384 );
  			}
  			$originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT ) );
 +			$wf__warnings_suppressed = true;
  		}
  		++$suppressCount;
  	}
-@@ -3371,7 +3375,7 @@ function wfSetupSession( $sessionId = fa
+@@ -3374,7 +3378,7 @@
  		wfFixSessionID();
  	}
  	wfSuppressWarnings();



