Viewing all changes in revision 64.
- Committer: Package Import Robot
- Date: 2015-04-06 16:53:54 UTC
- Revision ID: package-import@ubuntu.com-20150406165354-sme6dft73f81n9r9
* Non-maintainer upload.
* Add patch fixing several security issues:
- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
contain XML entities, to prevent various DoS attacks.
- (bug T88310) SECURITY: Always expand xml entities when checking
SVG's.
- (bug T73394) SECURITY: Escape > in Html::expandAttributes to
prevent XSS.
- (bug T85855) SECURITY: Don't execute another user's CSS or JS
on preview.
- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
fixed in SVG filtering to prevent XSS and protect viewer's
privacy.
* Add patch fixing several security issues:
- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
contain XML entities, to prevent various DoS attacks.
- (bug T88310) SECURITY: Always expand xml entities when checking
SVG's.
- (bug T73394) SECURITY: Escape > in Html::expandAttributes to
prevent XSS.
- (bug T85855) SECURITY: Don't execute another user's CSS or JS
on preview.
- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
fixed in SVG filtering to prevent XSS and protect viewer's
privacy.
- files added:
- .pc/security_1.19.24.patch
- .pc/security_1.19.24.patch/includes
- .pc/security_1.19.24.patch/includes/media
- .pc/security_1.19.24.patch/includes/upload
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
