mooninite pushed to mediawiki (f20). "Update to 1.23.9"

notifications at fedoraproject.org
Wed Apr 1 14:15:12 UTC 2015


From 9b421c69f4c813cc56da7260eae7bdc46852d478 Mon Sep 17 00:00:00 2001
From: Michael Cronenworth <mike at cchtml.com>
Date: Wed, 1 Apr 2015 09:15:03 -0500
Subject: Update to 1.23.9


diff --git a/.gitignore b/.gitignore
index fd8bdb0..f7134f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/mediawiki-1.23.8.tar.gz
+/mediawiki-1.23.9.tar.gz
diff --git a/mediawiki.spec b/mediawiki.spec
index cd63a93..9205cbb 100644
--- a/mediawiki.spec
+++ b/mediawiki.spec
@@ -1,6 +1,6 @@
 Summary: A wiki engine
 Name: mediawiki
-Version: 1.23.8
+Version: 1.23.9
 Release: 1%{?dist}
 License: GPLv2+
 URL: http://www.mediawiki.org/
@@ -117,6 +117,16 @@ echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances
 
 
 %changelog
+* Wed Apr 01 2015 Michael Cronenworth <mike at cchtml.com> - 1.23.9-1
+- Update to 1.23.9
+- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
+- (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
+- (bug T88310) SECURITY: Always expand xml entities when checking SVG's.
+- (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
+- (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
+- (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
+
 * Thu Dec 18 2014 Michael Cronenworth <mike at cchtml.com> - 1.23.8-1
 - Update to 1.23.8
 - (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
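
Review bot: the six new security entries in the 1.23.9-1 changelog block are tagged "SECURITY:" while the existing 1.23.8-1 entry directly below uses "[SECURITY]"; pick one form so a search of the changelog for security fixes matches both releases. The new entries also identify each fix only by task number (T85848, T71210, T88310, T73394, T85855, T85349, T85850, T86711); if CVE identifiers have been assigned, adding them to the matching lines would let administrators map this build to advisories without opening each task.
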
diff --git a/sources b/sources
index 1cbb2d7..1e0c500 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-529e003d59be04d925da853a54794070  mediawiki-1.23.8.tar.gz
+f64712cf90bf805836d3202dfdf57ac1  mediawiki-1.23.9.tar.gz
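
Review bot: the replaced line in sources pins mediawiki-1.23.9.tar.gz with a 32-hex-digit (MD5-length) digest, which detects a corrupted download but is a weak integrity anchor for a tarball whose changelog is almost entirely security fixes. Nothing in the visible hunks shows the archive being checked against an upstream signature or a stronger hash before upload; verify it that way and say so in the commit message, which currently reads only "Update to 1.23.9".
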
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/mediawiki.git/commit/?h=f20&id=9b421c69f4c813cc56da7260eae7bdc46852d478

