Navigation:
Browse pkgsrc
(this page) 2012-01-13 14:20:49 by Matthias Scheler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #3649 - requested by obache
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.18
- www/mediawiki/PLIST 1.7
- www/mediawiki/distinfo 1.11
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jan 13 11:27:17 UTC 2012
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log message:
Update mediawiki to 1.17.2.
== MediaWiki 1.17.2 ==
2012-01-11
This a maintenance and security release of the MediaWiki 1.17 branch.
=== Security changes ===
* (bug 33117) prop=revisions allows deleted text to be exposed through cache \
pollution.
=== Changes since 1.17.1 ===
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
== MediaWiki 1.17.1 ==
2011-11-24
This a maintenance and security release of the MediaWiki 1.17 branch.
=== Security changes ===
* (bug 32276) Skins were generating output using the internal page title which
would allow anonymous users to determine wheter a page exists, potentially
leaking private data. In fact, the curid and oldid request parameters would
allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal
functions without any read permission checks being done. This could lead to
data leakage on private wikis.
|
New packages: