[Pkg-mediawiki-devel] Bug#686330: Bug#686330: mediawiki: Multiple security issues

Platonides platonides at gmail.com
Thu Sep 13 21:31:35 UTC 2012

On 13/09/12 18:01, Moritz Muehlenhoff wrote:
> On Fri, Aug 31, 2012 at 06:34:38PM +0200, Julien Cristau wrote:
>> On Fri, Aug 31, 2012 at 10:37:25 +0200, Thorsten Glaser wrote:
>>> The Release Notes say that 1.19.2 is a security-fix release,
>>> and does not list any unrelated changes. Question is, (to the
>>> more seasoned MW packagers) can we trust that, and (to the
>>> Release Team) would it be acceptable to bump the upstream
>>> version on that?
>> Can't answer without a diff.
> Mediawiki maintainers, what's the status?
> Cheers,
>         Moritz

All MediaWiki changes from x.y.z to x.y.z+1 are safe to do (to the best
of our knowledge), and should be always applied since they are motivated
by security fixes.
In 1.19.2 they were more serious than other times.

We do bundle the latest translations [for that branch] with the new
release. Those are obviously not part of the security fixes (unless it
added a new error message, which wasn't the case in 1.19.2) but they
don't touch the code.

An easy way to view the differences is to do:
 git diff d0c0aabb3c5d40688d2435c0963927da479a47e0

More information about the Pkg-mediawiki-devel mailing list