Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id 23E6563B84C for ; Fri, 13 Jan 2012 13:20:54 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id EE12A14A21D; Fri, 13 Jan 2012 13:20:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id EA9BE14A216 for ; Fri, 13 Jan 2012 13:20:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id K4mxPi9_Y_FQ for ; Fri, 13 Jan 2012 13:20:50 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 227FD14A1F9 for ; Fri, 13 Jan 2012 13:20:50 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 0BE33175DD; Fri, 13 Jan 2012 13:20:50 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Fri, 13 Jan 2012 13:20:50 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/www/mediawiki To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20120113132050.0BE33175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Fri Jan 13 13:20:49 UTC 2012 Modified Files: pkgsrc/www/mediawiki [pkgsrc-2011Q4]: Makefile PLIST distinfo Log Message: Pullup ticket #3649 - requested by obache www/mediawiki: security update Revisions pulled up: - www/mediawiki/Makefile 1.18 - www/mediawiki/PLIST 1.7 - www/mediawiki/distinfo 1.11 --- Module Name: pkgsrc Committed By: obache Date: Fri Jan 13 11:27:17 UTC 2012 Modified Files: pkgsrc/www/mediawiki: Makefile PLIST distinfo Log Message: Update mediawiki to 1.17.2. == MediaWiki 1.17.2 == 2012-01-11 This a maintenance and security release of the MediaWiki 1.17 branch. === Security changes === * (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. === Changes since 1.17.1 === * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. == MediaWiki 1.17.1 == 2011-11-24 This a maintenance and security release of the MediaWiki 1.17 branch. === Security changes === * (bug 32276) Skins were generating output using the internal page title which would allow anonymous users to determine wheter a page exists, potentially leaking private data. In fact, the curid and oldid request parameters would allow page titles to be enumerated even when they are not guessable. * (bug 32616) action=ajax requests were dispatched to the relevant internal functions without any read permission checks being done. This could lead to data leakage on private wikis. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.17.4.1 pkgsrc/www/mediawiki/Makefile cvs rdiff -u -r1.6 -r1.6.4.1 pkgsrc/www/mediawiki/PLIST cvs rdiff -u -r1.10 -r1.10.4.1 pkgsrc/www/mediawiki/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.