[evolvis-commits] r18326: revert one of the recent patches, 1.15 was unaffected and it broke things

mirabilos at evolvis.org mirabilos at evolvis.org
Wed Apr 11 11:16:54 CEST 2012


Author: mirabilos
Date: 2012-04-11 11:16:54 +0200 (Wed, 11 Apr 2012)
New Revision: 18326

Removed:
   trunk/mediawiki/debian/patches/CVE-2011-4360.patch
Modified:
   trunk/mediawiki/debian/changelog
   trunk/mediawiki/debian/patches/series
Log:
revert one of the recent patches, 1.15 was unaffected and it broke things

Modified: trunk/mediawiki/debian/changelog
===================================================================
--- trunk/mediawiki/debian/changelog	2012-04-11 09:16:53 UTC (rev 18325)
+++ trunk/mediawiki/debian/changelog	2012-04-11 09:16:54 UTC (rev 18326)
@@ -1,3 +1,14 @@
+mediawiki (1:1.15.5-7) unstable; urgency=high
+
+  * debian/patches/CVE-2011-4360.patch: remove – the information
+    disclosure does not happen on 1.15 and the patch would not
+    work anyway because the OutputPage object has no setTitle
+    method (this prevents a PHP fatal error when someone has no
+    permissions, instead reverting to the pre-1:1.15.5-4 behaviour
+    of showing a page asking the user to log in)
+
+ -- Thorsten Glaser <tg at mirbsd.de>  Fri, 20 Jan 2012 17:13:28 +0100
+
 mediawiki (1:1.15.5-6) unstable; urgency=low
 
   [ Thorsten Glaser ]

Modified: trunk/mediawiki/debian/patches/series
===================================================================
--- trunk/mediawiki/debian/patches/series	2012-04-11 09:16:53 UTC (rev 18325)
+++ trunk/mediawiki/debian/patches/series	2012-04-11 09:16:54 UTC (rev 18326)
@@ -13,7 +13,6 @@
 CVE-2011-1579.patch
 CVE-2011-1580.patch
 CVE-2011-1587.patch
-CVE-2011-4360.patch
 CVE-2011-4361.patch
 khtml_not_ff9.patch
 CVE-2012-0046.patch



More information about the evolvis-commits mailing list