[mediawiki/f20] Update to 1.21.6
mooninite
mooninite at fedoraproject.org
Sat Mar 1 19:36:01 UTC 2014
commit 96c79baba1b09c23b68d585dbba5cd92c5996bd6
Author: Michael Cronenworth <mike at cchtml.com>
Date: Sat Mar 1 13:36:49 2014 -0600
Update to 1.21.6
.gitignore | 1 +
mediawiki.spec | 8 +++++++-
sources | 2 +-
3 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7b5e6d6..7733461 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ mediawiki-1.15.4.tar.gz
/mediawiki-1.21.3.tar.gz
/mediawiki-1.21.4.tar.gz
/mediawiki-1.21.5.tar.gz
+/mediawiki-1.21.6.tar.gz
diff --git a/mediawiki.spec b/mediawiki.spec
index 9e3192c..59637e2 100644
--- a/mediawiki.spec
+++ b/mediawiki.spec
@@ -1,6 +1,6 @@
Summary: A wiki engine
Name: mediawiki
-Version: 1.21.5
+Version: 1.21.6
Release: 1%{?dist}
License: GPLv2+
URL: http://www.mediawiki.org/
@@ -121,6 +121,12 @@ echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances
%changelog
+* Sat Mar 01 2014 Michael Cronenworth <mike at cchtml.com> - 1.21.6-1
+- Update to 1.21.6
+- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace.
+- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+- (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+
* Tue Jan 28 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.21.5-1
- Update to 1.21.5
- (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing
diff --git a/sources b/sources
index 12b721f..9a2c7df 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ef274a6710a9a0cf92b720892ddfc2e0 mediawiki-1.21.5.tar.gz
+a41bab6204493882d9d49ea475ea30fd mediawiki-1.21.6.tar.gz
More information about the scm-commits
mailing list