Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: mediawiki-1.19.5-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 30th April 2013 03:26:17 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-6171
2013-04-21 02:37:45
--------------------------------------------------------------------------------

Name        : mediawiki
Product     : Fedora 18
Version     : 1.19.5
Release     : 1.fc18
URL         : http://www.mediawiki.org/
Summary     : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki-1.19.5/README.RPM.
Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------
Update Information:

*An internal review discovered that specially crafted Lua function names
could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084

*Daniel Franke reported that during SVG parsing, MediaWiki failed to
prevent XML external entity (XXE) processing. This could lead to local file
disclosure, or potentially remote command execution in environments that
have enabled expect:// handling. https://bugzilla.wikimedia.org/show_bug.cgi?id=46859

*Internal review also discovered that Special:Import, and Extension:RSS
failed to prevent XML external entity (XXE) processing. https://bugzilla.wikimedia.org/show_bug.cgi?id=47251
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 17 2013 Michael Cronenworth  - 1.19.5-1
- New upstream release.
* Thu Apr 11 2013 Michael Cronenworth  - 1.19.4-3
- Update mw-* scripts. (#926899)
* Tue Mar 12 2013 Michael Cronenworth  - 1.19.4-2
- Update mw-createinstance for new access points.
* Mon Mar  4 2013 Michael Cronenworth  - 1.19.4-1
- New upstream release.
* Thu Feb 28 2013 Michael Cronenworth  - 1.19.3-2
- Fix upgrade path.
* Wed Feb 27 2013 Michael Cronenworth  - 1.19.3-1
- New upstream release.
* Thu Feb 14 2013 Fedora Release Engineering
 - 1.16.5-62
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #953666 - CVE-2013-1951 mediawiki: security releases 1.20.4 and
1.19.5
        https://bugzilla.redhat.com/show_bug.cgi?id=953666
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mediawiki' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 2ms