Change log for mediawiki package in Debian
| 1 → 50 of 138 results | First • Previous • Next • Last |
| Published in sid-release |
mediawiki (1:1.39.5-1) unstable; urgency=medium
* New upstream version 1.39.5, fixing CVE-2023-3550,
CVE-2023-45359, CVE-2023-45360, CVE-2023-45361, CVE-2023-45362,
CVE-2023-45363, CVE-2023-45364.
-- Kunal Mehta <email address hidden> Mon, 09 Oct 2023 15:00:33 -0400
| Published in bullseye-release |
mediawiki (1:1.35.11-1~deb11u1) bullseye-security; urgency=medium
* New upstream version 1.35.11, fixing CVE-2023-36675,
CVE-2023-36674, CVE-2023-29141 and CVE-2022-47927.
* The bundled guzzlehttp/guzzle library was updated to 1.9.1 to fix
CVE-2023-29197.
-- Taavi Väänänen <email address hidden> Fri, 30 Jun 2023 20:34:45 +0300
| Published in bookworm-release |
mediawiki (1:1.39.4-1~deb12u1) bookworm-security; urgency=medium
[ Taavi Väänänen ]
* New upstream version 1.39.4, fixing CVE-2023-29141, CVE-2023-36674
and CVE-2023-36675.
* The bundled guzzlehttp/guzzle library was updated to 2.4.5 to fix
CVE-2023-29197.
* Update config for the bookworm branch.
[ Kunal Mehta ]
* Set Breaks/Replaces for mediawiki-extensions-math (Closes: #1039075)
-- Kunal Mehta <email address hidden> Tue, 04 Jul 2023 15:19:28 -0400
| Superseded in sid-release |
mediawiki (1:1.39.4-2) unstable; urgency=medium * Set Breaks/Replaces for mediawiki-extensions-math (Closes: #1039075) -- Kunal Mehta <email address hidden> Tue, 04 Jul 2023 02:42:01 -0400
Available diffs
- diff from 1:1.39.4-1 to 1:1.39.4-2 (506 bytes)
| Superseded in sid-release |
mediawiki (1:1.39.4-1) unstable; urgency=medium
[ Kunal Mehta ]
* Update apache2 config for PHP 8
* Set "X-Content-Type-Options: nosniff" header for image directories
* Remove pre-Apache 2.3 support
[ Taavi Väänänen ]
* New upstream version 1.39.4, fixing CVE-2023-29141, CVE-2023-36674
and CVE-2023-36675.
* The bundled guzzlehttp/guzzle library was updated to 2.4.5 to fix
CVE-2023-29197.
-- Taavi Väänänen <email address hidden> Fri, 30 Jun 2023 19:44:00 +0300
Available diffs
- diff from 1:1.39.2-1 to 1:1.39.4-1 (2.8 MiB)
mediawiki (1:1.39.2-1) unstable; urgency=medium * New upstream version 1.39.2 * d/control: Raise minimum PHP version to 7.4 -- Taavi Väänänen <email address hidden> Thu, 23 Feb 2023 15:13:02 +0200
Available diffs
- diff from 1:1.39.1-2 to 1:1.39.2-1 (1.0 MiB)
| Superseded in sid-release |
mediawiki (1:1.39.1-2) unstable; urgency=medium * d/copyright: Remove stale entry for vendor/wikimedia/dodo/* * d/rules: Raise Standards-Version to 4.6.2, no changes needed * d/control: Add a Breaks: for old GreyStuff versions -- Taavi Väänänen <email address hidden> Tue, 27 Dec 2022 12:34:25 +0200
Available diffs
- diff from 1:1.35.8-1.1 to 1:1.39.1-2 (24.7 MiB)
- diff from 1:1.39.1-1 to 1:1.39.1-2 (798 bytes)
| Superseded in sid-release |
mediawiki (1:1.39.1-1) unstable; urgency=medium * New upstream version 1.39.1 -- Taavi Väänänen <email address hidden> Fri, 23 Dec 2022 12:09:19 +0200
Available diffs
- diff from 1:1.39.0-2 to 1:1.39.1-1 (659.1 KiB)
| Superseded in bullseye-release |
mediawiki (1:1.35.8-1~deb11u1) bullseye-security; urgency=medium
[ Kunal Mehta ]
* New upstream version 1.35.8, fixing CVE-2021-44854
CVE-2021-44855, CVE-2021-44856, CVE-2022-28201,
CVE-2022-28202, CVE-2022-28203, CVE-2022-34911,
CVE-2022-34912, CVE-2022-41765, CVE-2022-41767.
* The bundled guzzle library was updated, fixing
CVE-2022-29248, CVE-2022-31042, CVE-2022-31043,
CVE-2022-31090, CVE-2022-31091.
* Drop patches merged upstream
-- Kunal Mehta <email address hidden> Sun, 02 Oct 2022 21:12:44 -0400
| Superseded in sid-release |
mediawiki (1:1.39.0-2) unstable; urgency=medium * Cherry-pick upstream patch to fix 32-bit issues in wikimedia/idle-dom -- Kunal Mehta <email address hidden> Sun, 11 Dec 2022 20:10:05 -0500
Available diffs
- diff from 1:1.39.0-1 to 1:1.39.0-2 (1.6 KiB)
| Superseded in sid-release |
mediawiki (1:1.39.0-1) unstable; urgency=medium * New upstream version 1.39.0 -- Taavi Väänänen <email address hidden> Sun, 04 Dec 2022 22:20:45 +0200
Available diffs
- diff from 1:1.35.8-1.1 to 1:1.39.0-1 (24.7 MiB)
| Deleted in experimental-release (Reason: None provided.) |
mediawiki (1:1.39.0~rc.1-1) experimental; urgency=medium * New upstream version 1.39.0~rc.1 * Drop patch merged upstream -- Kunal Mehta <email address hidden> Sun, 16 Oct 2022 16:34:30 -0400
| Superseded in sid-release |
mediawiki (1:1.35.8-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl <email address hidden> Sat, 15 Oct 2022 12:21:41 +0200
Available diffs
- diff from 1:1.35.7-1 to 1:1.35.8-1.1 (2.1 MiB)
| Superseded in sid-release |
mediawiki (1:1.35.8-1) unstable; urgency=medium
* New upstream version 1.35.8, fixing CVE-2022-41765 and
CVE-2022-41767.
-- Kunal Mehta <email address hidden> Sun, 02 Oct 2022 21:40:07 -0400
| Superseded in experimental-release |
mediawiki (1:1.39.0~rc.0-1) experimental; urgency=medium
[ Taavi Väänänen ]
* New upstream version 1.39.0~rc.0
* Update packaging for 1.39 changes
* php-intl is now required
* Add patch to drop symfony/php73-polyfill dependency
* Standards-Version: 4.6.1, no changes needed
[ Kunal Mehta ]
* Have SyntaxHighlight use packaged pygmentize, rather than bundled
* Promote imagemagick to Recommends, remove from Suggests
-- Kunal Mehta <email address hidden> Sun, 25 Sep 2022 19:32:19 -0400
| Superseded in sid-release |
mediawiki (1:1.35.7-1) unstable; urgency=medium
[ Taavi Väänänen ]
* New upstream release 1.35.7, fixing CVE-2022-27776 and
CVE-2022-29248 in the embedded guzzlehttp/guzzle library.
[ Kunal Mehta ]
* Officially switch to team maintenance, add Taavi to uploaders
-- Kunal Mehta <email address hidden> Sun, 03 Jul 2022 11:14:52 -0700
Available diffs
- diff from 1:1.35.6-1 to 1:1.35.7-1 (1.2 MiB)
| Superseded in sid-release |
mediawiki (1:1.35.6-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.35.6, fixing CVE-2022-28201, CVE-2022-28202,
CVE-2022-28203. This version is not affected by CVE-2022-28204.
* Update php extension recommends from composer.json
-- Taavi Väänänen <email address hidden> Fri, 01 Apr 2022 16:49:04 +0300
Available diffs
| Published in buster-release |
mediawiki (1:1.31.16-1+deb10u2) buster-security; urgency=high
* Backport fix for CVE-2021-44858. This version is not vulnerable to
CVE-2021-44857 nor CVE-2021-45038.
-- Kunal Mehta <email address hidden> Tue, 14 Dec 2021 18:48:51 -0800
| Superseded in bullseye-release |
mediawiki (1:1.35.4-1+deb11u2) bullseye-security; urgency=high
* Cherry-pick upstream patches fixing CVE-2021-44858, CVE-2021-44857,
CVE-2021-45038.
-- Kunal Mehta <email address hidden> Tue, 14 Dec 2021 18:31:53 -0800
| Superseded in sid-release |
mediawiki (1:1.35.5-2) unstable; urgency=medium
[ Lucas Werkmeister ]
* Remove PHP 5 support from mediawiki.conf
[ Kunal Mehta ]
* Make it easier to debug autopkgtest failures
* Increase PHP's max_execution_time for autopkgtests to 300s, thanks
to Paul Gevers and Bryce Harrington for input and helping test.
-- Kunal Mehta <email address hidden> Thu, 27 Jan 2022 00:46:22 -0800
| Superseded in sid-release |
mediawiki (1:1.35.5-1) unstable; urgency=high
[ Kunal Mehta ]
* New upstream version 1.35.5, fixing CVE-2021-44854, CVE-2021-44855,
CVE-2021-44856, CVE-2021-44857, CVE-2021-44858, CVE-2021-45038.
[ Debian Janitor ]
* Remove constraints unnecessary since buster
-- Kunal Mehta <email address hidden> Thu, 30 Sep 2021 20:42:36 -0700
Available diffs
- diff from 1:1.35.4-1 to 1:1.35.5-1 (1.8 MiB)
| Superseded in buster-release |
mediawiki (1:1.31.16-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.16, fixing CVE-2021-35197, CVE-2021-41798,
CVE-2021-41799, CVE-2021-41800, CVE-2021-41801.
-- Kunal Mehta <email address hidden> Thu, 30 Sep 2021 10:28:36 -0700
| Superseded in bullseye-release |
mediawiki (1:1.35.4-1~deb11u1) bullseye-security; urgency=high
* New upstream version 1.35.4, fixing CVE-2021-35197, CVE-2021-41798,
CVE-2021-41799, CVE-2021-41800, CVE-2021-41801.
-- Kunal Mehta <email address hidden> Thu, 30 Sep 2021 11:39:53 -0700
| Superseded in sid-release |
mediawiki (1:1.35.4-1) unstable; urgency=medium
* New upstream version 1.35.4, fixing CVE-2021-41798, CVE-2021-41799,
CVE-2021-41800, CVE-2021-41801.
-- Kunal Mehta <email address hidden> Thu, 30 Sep 2021 10:49:49 -0700
Available diffs
- diff from 1:1.35.3-1 to 1:1.35.4-1 (12.2 KiB)
| Superseded in sid-release |
mediawiki (1:1.35.3-1) unstable; urgency=medium [ Kunal Mehta ] * New upstream version 1.35.3, fixing CVE-2021-35197. [ Tobias Wiese ] * d/tests: update test restrictions (Closes: #987976) * d/tests: Add systemd as test dependency -- Kunal Mehta <email address hidden> Fri, 20 Aug 2021 23:56:23 -0700
Available diffs
- diff from 1:1.35.2-1 to 1:1.35.3-1 (57.8 KiB)
| Superseded in buster-release |
mediawiki (1:1.31.14-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.14, fixing CVE-2021-30152, CVE-2021-30154,
CVE-2021-30155, CVE-2021-30157, CVE-2021-30158, CVE-2021-30159.
This version is not affected by CVE-2021-30153.
* The pygments lexers vulnerable to CVE-2021-20270, CVE-2021-27291
were disabled to mitigate the exploit.
-- Kunal Mehta <email address hidden> Thu, 08 Apr 2021 14:08:21 -0700
mediawiki (1:1.35.2-1) unstable; urgency=high
* New upstream version 1.35.2, fixing CVE-2021-30152, CVE-2021-30153,
CVE-2021-30154, CVE-2021-30155, CVE-2021-30157, CVE-2021-30158,
CVE-2021-30159, CVE-2021-30458.
* Bundled pygments was updated to fix CVE-2021-20270, CVE-2021-27291.
-- Kunal Mehta <email address hidden> Thu, 08 Apr 2021 13:41:18 -0700
Available diffs
- diff from 1:1.35.1-2 to 1:1.35.2-1 (207.3 KiB)
| Superseded in buster-release |
mediawiki (1:1.31.12-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.12, fixing CVE-2020-35475, CVE-2020-35477,
CVE-2020-35479, CVE-2020-35480.
This version is not affected by CVE-2020-35474 nor CVE-2020-35478.
* Respect $wgRedirectOnLogin configuration setting (Closes: #971986).
* Flatten footer links without triggering a PHP warning (Closes: #971985).
-- Kunal Mehta <email address hidden> Thu, 17 Dec 2020 15:30:11 -0800
| Superseded in sid-release |
mediawiki (1:1.35.1-2) unstable; urgency=medium * Make it easier to install for use with SQLite (Closes: #979686) -- Kunal Mehta <email address hidden> Wed, 03 Feb 2021 15:01:01 -0800
Available diffs
- diff from 1:1.35.1-1 to 1:1.35.1-2 (520 bytes)
| Superseded in sid-release |
mediawiki (1:1.35.1-1) unstable; urgency=medium
* New upstream version 1.35.1, fixing CVE-2020-35474, CVE-2020-35475,
CVE-2020-35477, CVE-2020-35478, CVE-2020-35479, CVE-2020-35480.
* Respect $wgRedirectOnLogin configuration setting (Closes: #971986).
* Flatten footer links without triggering a PHP warning (Closes: #971985).
* Drop patches merged upstream
-- Kunal Mehta <email address hidden> Thu, 17 Dec 2020 17:53:57 -0800
Available diffs
- diff from 1:1.35.0-2 to 1:1.35.1-1 (96.0 KiB)
| Superseded in sid-release |
mediawiki (1:1.35.0-2) unstable; urgency=medium * Refactor autopkgtests to make easier to reuse * Fixup lintian overrides * d/watch: Switch to version=4 * Add patches for PHP 8.0 and newer Postgres compatibility * Standards-Version: 4.5.1, no changes needed -- Kunal Mehta <email address hidden> Mon, 14 Dec 2020 10:56:11 -0800
Available diffs
- diff from 1:1.35.0-1 to 1:1.35.0-2 (3.4 KiB)
| Superseded in buster-release |
mediawiki (1:1.31.10-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.10, fixing CVE-2020-15005,
CVE-2020-25812, CVE-2020-25813, CVE-2020-25814,
CVE-2020-25827, CVE-2020-25828.
CVE-2020-25689 does not affect this package, it requires an
additional extension.
* Additionally, mitigations for firejail's CVE-2020-17367,
CVE-2020-17368 are included as well.
-- Kunal Mehta <email address hidden> Thu, 24 Sep 2020 15:29:07 -0700
| Superseded in sid-release |
mediawiki (1:1.35.0-1) unstable; urgency=medium
* Upload to unstable.
* New upstream version 1.35.0, fixing CVE-2020-25812,
CVE-2020-25813, CVE-2020-25814, CVE-2020-25815,
CVE-2020-25827, CVE-2020-25828.
* Additionally, mitigations for firejail's CVE-2020-17367,
CVE-2020-17368 are included as well.
* Require PHP 7.3+ (thanks to Platonides for the suggestion).
-- Kunal Mehta <email address hidden> Sun, 27 Sep 2020 04:16:53 -0700
Available diffs
- diff from 1:1.31.8-1 to 1:1.35.0-1 (28.9 MiB)
| Deleted in experimental-release (Reason: None provided.) |
mediawiki (1:1.35.0~rc.3-1) experimental; urgency=medium * New upstream version 1.35.0~rc.3 -- Kunal Mehta <email address hidden> Sat, 05 Sep 2020 02:48:24 -0700
| Superseded in experimental-release |
mediawiki (1:1.35.0~rc.2-1) experimental; urgency=medium * New upstream version 1.35.0~rc.2 * Avoid installing more sets of PHPUnit tests * Don't have logrotate create files as root:adm * Recommend php-gmp for a performance boost -- Kunal Mehta <email address hidden> Fri, 21 Aug 2020 23:49:28 -0700
| Superseded in experimental-release |
mediawiki (1:1.35.0~rc.1-1) experimental; urgency=medium * New upstream version 1.35.0~rc.1 * Drop legacy /etc/mediawiki-extensions/extensions-available/ directory * Log errors, exceptions and fatals by default * Stop installing legacy /etc/mediawiki/mediawiki.conf * Use mime.types provided by MediaWiki (Closes: #903876) * Set $wgCacheDirectory = '/var/cache/mediawiki' by default -- Kunal Mehta <email address hidden> Fri, 07 Aug 2020 14:50:37 -0700
| Superseded in experimental-release |
mediawiki (1:1.35.0~rc.0-1) experimental; urgency=medium
* New upstream version 1.35.0~rc.0
* Recommend php-luasandbox/lua5.1 for the Scribunto extension
* Includes Parsoid library (Closes: #831424)
* Switch to debhelper compat 13
* Fix autopkgtests by using a "stronger" password and explicitly
passing --scriptpath to the installer.
-- Kunal Mehta <email address hidden> Sat, 01 Aug 2020 01:40:37 -0700
| Superseded in sid-release |
mediawiki (1:1.31.8-1) unstable; urgency=medium * New upstream version 1.31.8, fixing CVE-2020-15005. * Use debhelper 12 and dh_installsystemd. -- Kunal Mehta <email address hidden> Wed, 24 Jun 2020 14:25:22 -0700
Available diffs
- diff from 1:1.31.7-1 to 1:1.31.8-1 (11.9 KiB)
| Superseded in buster-release |
mediawiki (1:1.31.7-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.7, fixing CVE-2020-10960.
CVE-2020-10960 does not affect this version of MediaWiki.
* A hardening fix was included for the OATHAuth extension to
limit access of user-controlled JavaScript.
-- Kunal Mehta <email address hidden> Thu, 26 Mar 2020 14:59:51 -0700
| Superseded in sid-release |
mediawiki (1:1.31.7-1) unstable; urgency=medium
* New upstream version 1.31.7, fixing CVE-2020-10960.
CVE-2020-10960 does not affect this version of MediaWiki.
* A hardening fix was included for the OATHAuth extension to
limit access of user-controlled JavaScript.
* Standards-Version: 4.5.0, no changes needed
-- Kunal Mehta <email address hidden> Thu, 26 Mar 2020 15:30:16 -0700
Available diffs
- diff from 1:1.31.6-1 to 1:1.31.7-1 (5.8 KiB)
| Published in stretch-release |
mediawiki (1:1.27.7-1~deb9u3) stretch-security; urgency=medium
* Fix CVE-2019-19709, backported from upstream
* Disable personal and sitewide CSS/JS on Special:PasswordReset as a
hardening measure, backported from upstream
-- Kunal Mehta <email address hidden> Thu, 12 Dec 2019 14:53:50 -0800
| Superseded in buster-release |
mediawiki (1:1.31.6-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.6 (security release), fixing
CVE-2019-19709.
-- Kunal Mehta <email address hidden> Thu, 19 Dec 2019 13:03:58 -0800
| Superseded in sid-release |
mediawiki (1:1.31.6-1) unstable; urgency=medium
* New upstream version 1.31.6, fixing CVE-2019-19709.
* Drop Postgres patches merged upstream
* Suppress a bunch of lintian warnings that are ignored on purpose
* Sync d/upstream/signing-key.asc with upstream
* autopkgtests: set allow-stderr for all tests that use sudo. Thanks
to Mathieu Trudel-Lapierre for reporting and fixing in Ubuntu.
(Closes: #946665)
-- Kunal Mehta <email address hidden> Thu, 19 Dec 2019 13:20:56 -0800
Available diffs
| Superseded in sid-release |
mediawiki (1:1.31.5-3) unstable; urgency=medium
* In autopkgtests, skip testing against mysql-server if it
isn't available, such as in Debian testing
* Move packaging git repository to Salsa and update relevant
documentation
* Set up and configure Salsa CI
* Sync d/upstream/signing-key.asc with upstream
-- Kunal Mehta <email address hidden> Mon, 25 Nov 2019 00:59:49 -0800
Available diffs
- diff from 1:1.31.5-2 to 1:1.31.5-3 (28.9 KiB)
| Superseded in sid-release |
mediawiki (1:1.31.5-2) unstable; urgency=medium
* Add extra debugging information to autopkgtests
* Backport patches from upstream for Postgresql 12 compatibility
(Closes: #944650)
-- Kunal Mehta <email address hidden> Fri, 15 Nov 2019 15:28:16 -0800
Available diffs
| Superseded in buster-release |
mediawiki (1:1.31.4-1~deb10u1) buster-security; urgency=medium
* New upstream version 1.31.4 (security release), fixing
CVE-2019-16738. Add an additional patch, already merged upstream,
to fix a fatal error caused by the upstream security patch.
-- Kunal Mehta <email address hidden> Fri, 11 Oct 2019 14:59:46 -0700
| Superseded in sid-release |
mediawiki (1:1.31.5-1) unstable; urgency=medium
* New upstream version 1.31.5
* Incorporate MySQL autopkgtest improvements from Lars Tangvald
and Robie Basak from Ubuntu:
* Use a different method besides MySQL 8.0's default authentication
because PHP doesn't currently support it.
* Explicitly test MySQL and MariaDB regardless of which one is the
default.
* Standards-Version: 4.4.1, no changes needed
-- Kunal Mehta <email address hidden> Sat, 26 Oct 2019 18:01:59 -0700
Available diffs
| Superseded in sid-release |
mediawiki (1:1.31.4-1) unstable; urgency=medium
* New upstream version 1.31.4 (security release), fixing
CVE-2019-16738.
-- Kunal Mehta <email address hidden> Fri, 11 Oct 2019 14:47:07 -0700
| Superseded in stretch-release |
mediawiki (1:1.27.7-1~deb9u1) stretch-security; urgency=medium
* New upstream version 1.27.6 and 1.27.7 (security release), fixing
CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469,
CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473,
CVE-2019-12474. The bundled jQuery was also updated, fixing
CVE-2019-11358.
-- Kunal Mehta <email address hidden> Thu, 06 Jun 2019 23:20:10 -0400
mediawiki (1:1.31.2-1) unstable; urgency=medium
[ Kunal Mehta ]
* New upstream version 1.31.2 (security release), fixing
CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469,
CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473,
CVE-2019-12474. The bundled jQuery was also updated, fixing
CVE-2019-11358.
* Fix regex that was breaking file uploads in PHP 7.3
(Closes: #928716).
* Sync upstream/signing-key.asc with mediawiki.org.
* Drop patch merged upstream.
* Revert "Temporarily add allow-stderr restriction to autopkgtests",
as it was fixed upstream.
[ Mark A. Hershberger ]
* Fix indentation in README.Debian
-- Kunal Mehta <email address hidden> Wed, 05 Jun 2019 22:40:28 -0400
Available diffs
- diff from 1:1.31.1-4 to 1:1.31.2-1 (256.6 KiB)
| 1 → 50 of 138 results | First • Previous • Next • Last |
