- Committer: Package Import Robot
- Author(s): Thijs Kinkhorst
- Date: 2015-04-06 16:53:54 UTC
- Revision ID: package-import@ubuntu.com-20150406165354-sme6dft73f81n9r9
- Tags: 1:1.19.20+dfsg-2.3
* Non-maintainer upload.
* Add patch fixing several security issues:
  - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that
    contain XML entities, to prevent various DoS attacks.
  - (bug T88310) SECURITY: Always expand xml entities when checking
    SVG's.
  - (bug T73394) SECURITY: Escape > in Html::expandAttributes to
    prevent XSS.
  - (bug T85855) SECURITY: Don't execute another user's CSS or JS
    on preview.
  - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues
    fixed in SVG filtering to prevent XSS and protect viewer's
    privacy.