Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/www/mediawiki
From: Matthias Scheler
Date: 2012-01-13 14:20:49
Message id: 20120113132050.0BE33175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3649 - requested by obache
www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile                                        1.18
- www/mediawiki/PLIST                                           1.7
- www/mediawiki/distinfo                                        1.11

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Fri Jan 13 11:27:17 UTC 2012

   Modified Files:
   	pkgsrc/www/mediawiki: Makefile PLIST distinfo

   Log Message:
   Update mediawiki to 1.17.2.

   == MediaWiki 1.17.2 ==
   2012-01-11

   This a maintenance and security release of the MediaWiki 1.17 branch.

   === Security changes ===
   * (bug 33117) prop=revisions allows deleted text to be exposed through cache \ 
pollution.

   === Changes since 1.17.1 ===
   * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.

   == MediaWiki 1.17.1 ==

   2011-11-24

   This a maintenance and security release of the MediaWiki 1.17 branch.

   === Security changes ===
   * (bug 32276) Skins were generating output using the internal page title which
      would allow anonymous users to determine wheter a page exists, potentially
      leaking private data. In fact, the curid and oldid request parameters would
      allow page titles to be enumerated even when they are not guessable.
   * (bug 32616) action=ajax requests were dispatched to the relevant internal
      functions without any read permission checks being done. This could lead to
      data leakage on private wikis.

Files:
RevisionActionfile
1.17.4.1modifypkgsrc/www/mediawiki/Makefile
1.6.4.1modifypkgsrc/www/mediawiki/PLIST
1.10.4.1modifypkgsrc/www/mediawiki/distinfo