[ Jonathan Wiltshire ] * New upstream security release (closes: #585918). * CVE-2010-1647: Fix a cross-site scripting (XSS) vulnerability which allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer. * CVE-2010-1648: Fix a cross-site request forgery (CSRF) vulnerability in the login interface which allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
[ Romain Beauxis ] * Put debian's package version in declared version. Should help sysadmins to keep track of installed versions, in particular with regard to security updates. * Added Jonathan Wiltshire to uploaders. * Do not clan math dir if it does not exist (for instance when running clean from SVN).