Public bug reported: Binary package hint: mediawiki1.7
Please sync mediawiki1.7 (1.7.1-9) from Debian unstable (main). The Ubuntu package has no changes. Thanks. Changelog: mediawiki1.7 (1.7.1-9) unstable; urgency=high * Backported security fix from 1.7.3 release: "An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 charset autodetection was located in the AJAX support module, affecting MSIE users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled." See: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_3/phase3/RELEASE-NOTES -- Romain Beauxis <[EMAIL PROTECTED]> Wed, 21 Feb 2007 11:23:49 +0100 mediawiki1.7 (1.7.1-8) unstable; urgency=low * Added debconf translations, thanks to contributors! Closes: #408607, #410987 -- Romain Beauxis <[EMAIL PROTECTED]> Tue, 20 Feb 2007 02:41:36 +0100 mediawiki1.7 (1.7.1-7) unstable; urgency=low * Removed problematic link in /etc/mediawiki1.7. See #388616 and #393962. Added a readme file to explain the situation instead. Closes: #393962 -- Romain Beauxis <[EMAIL PROTECTED]> Fri, 9 Feb 2007 00:36:38 +0100 ** Affects: mediawiki1.7 (Ubuntu) Importance: Undecided Status: Unconfirmed -- [Sync Request] Sync mediawiki1.7 (1.7.1-9) from Debian unstable (main) https://launchpad.net/bugs/87088 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs