-
Committer:
Package Import Robot
-
Author(s):
Jonathan Wiltshire, Thorsten Glaser, Jonathan Wiltshire
-
Date:
2011-11-30 22:42:52 UTC
-
mfrom:
(16.1.12 sid)
-
Revision ID:
package-import@ubuntu.com-20111130224252-zhag0n99qzf8jc7x
Tags: 1:1.15.5-4
[ Thorsten Glaser ]
* debian/patches/fix_invalid_sql.patch: new (Closes: #615983)
[ Jonathan Wiltshire ]
* Security fixes from upstream (Closes: #650434):
CVE-2011-4360 - page titles on private wikis could be exposed
bypassing different page ids to index.php
CVE-2011-4361 - action=ajax requests were dispatched to the
relevant function without any read permission checks being done