-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 21 Dec 2014 13:03:27 +0100 Source: mediawiki Binary: mediawiki Architecture: source all Version: 1:1.19.20+dfsg-0+deb7u3 Distribution: wheezy-security Urgency: medium Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org> Changed-By: Sebastien Delafond <seb@debian.org> Description: mediawiki - website engine for collaborative work Changes: mediawiki (1:1.19.20+dfsg-0+deb7u3) wheezy-security; urgency=medium . * CVE-2014-9277: Fix regression introduced by previous patch. * Add patch fixing T76686: thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this. Checksums-Sha1: f7a971ea41b6d38d54038be2197b6f801c57bee9 1789 mediawiki_1.19.20+dfsg-0+deb7u3.dsc 23e1e541bd8f503f1d57974225b2d195ffd8b27f 68253 mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz f12b851f2b6b4072892ef2dd8228065498f0a65c 17864708 mediawiki_1.19.20+dfsg-0+deb7u3_all.deb Checksums-Sha256: 4c986e5c42b8c64c3bcdff18aa8ec46fd53bf33ca68677623889bd71cdc9dce2 1789 mediawiki_1.19.20+dfsg-0+deb7u3.dsc d59f8f9278ee62540e012e7b52a4d86f691ebc7bd978c794f6d811265d88e34d 68253 mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz 0468e2679ade81458a0033a1d4ed2fb00d54f0a1d5c51ddedeaf3ff4f8c30ee7 17864708 mediawiki_1.19.20+dfsg-0+deb7u3_all.deb Files: fe7ea495c784a7141012fb1bef3dfc59 1789 web optional mediawiki_1.19.20+dfsg-0+deb7u3.dsc 8e4ee6766d04bbfa14ea812e471d3b5a 68253 web optional mediawiki_1.19.20+dfsg-0+deb7u3.debian.tar.gz 55869c479bf633a3c12b1cfec675c03b 17864708 web optional mediawiki_1.19.20+dfsg-0+deb7u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJUlrlMAAoJEBC+iYPz1Z1kH0cIAJSKUtsieenoEnmIEMCZj01y 1wxcDbPFFuZKpZ3wyerFnfVq9uCCfs5QNy8EaxGuFdBEJ6/M4i/1LCqTPTyahmgJ evHnP3qyHN2QNhA+3TByw0NK3FjFGyFQ5yVJXtZrPw367QXCGS8kbpPEfpqA0vLM YWEEMIm0wVKvup5gVGQ5ZNoFFoQRAunMgoM4NzPPv155jRp2KiVcQxKlOVKwe78S N5khHpkoLCFIxqqUo40IFUZw3B/Cn5A+ECTkxrDfznKuigqbr433XmPU7JMSRZst a9ZQcwZ6ZrJhmXHViSg7K8xfRD4jRouVlVBUniaBawK58rekAqWxI4NMRqAFNv0= =qBCi -----END PGP SIGNATURE-----