[Pkg-mediawiki-devel] [MediaWiki-announce] MediaWiki 1.5.3 released [SECURITY]

Brion Vibber brion at pobox.com
Sun Dec 4 11:31:59 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5.3 is a security and bugfix maintenance release.

Validation of the user language option was broken by a code change in
May 2005, opening the possibility of remote code execution as this
parameter is used in forming a class name dynamically created with
eval().

The validation has been corrected in this version. All prior 1.5 release
and prerelease versions are affected; 1.4 and earlier and not affected.

Additionally several bugs have been fixed; see the changelog in the
release notes for a complete list.


Release notes:
http://sourceforge.net/project/shownotes.php?release_id=375755

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz?download

MD5 checksum:
fc697787f04208d1842a2c646deca626  mediawiki-1.5.3.tar.gz

SHA-1 checksum:
070189e29ace2ef9ab0589db42ecf849f2b88ee5 mediawiki-1.5.3.tar.gz


Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDktOvwRnhpk1wk44RAi/tAJ9NlfTJTqW+9xTC6xaeOple14hFLQCgpyBn
/hIyYleol9gFbHfMgzJCyy8=
=fdzu
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce at wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce



More information about the Pkg-mediawiki-devel mailing list