[Pkg-mediawiki-devel] [Fwd: [MediaWiki-announce] MediaWiki security update: 1.15.1 and 1.14.1]

Karl Schmidt karl at xtronics.com
Thu Jul 16 21:40:33 UTC 2009



-------- Original Message --------
Subject: [MediaWiki-announce] MediaWiki security update: 1.15.1 and 1.14.1
Date: Tue, 14 Jul 2009 04:51:55 +1000
From: Tim Starling <tstarling at wikimedia.org>
Reply-To: mediawiki-l at lists.wikimedia.org
To: mediawiki-announce at lists.wikimedia.org, 	mediawiki-l at lists.wikimedia.org, 
wikitech-l at lists.wikimedia.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a security and bugfix release of MediaWiki 1.15.1 and 1.14.1.

A cross-site scripting (XSS) vulnerability was discovered in
[[Special:Block]]. Only versions 1.14.0, 1.15.0 and release candidates
for those releases are affected.

Cross-site scripting vulnerabilities allow an unprivileged attacker to
gain administrator access to the wiki by tricking an administrator
into viewing a page which emits a malicious script. The malicious
script may also be able to gain privileged access to other
applications on the same domain.

Other changes in these releases:

1.15.1:
* Fixed fatal errors for unusual file repository configurations, such
as ForeignAPIRepo.
* Fixed the "change password" link on Special:Preferences to have the
correct returnto parameter.

1.14.1:
* (bug 17737) Fixed Russian URLs for Special:BookSources
* (bug 17713) Using links with only an anchor no longer adds a dummy
entry in the pagelinks table
* (bug 17897) Fixed string offset error in <pre> tags
* (bug 17832) Fixed action=delete returning 'unknownerror' instead of
'permissiondenied' when the user is blocked
* Fixed performance regression when accessing deleted (archived) files

Upgrade FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ#Upgrading


**********************************************************************
   1.14.1
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.tar.gz

Patch to previous version (1.14.0), without interface text:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-i18n-1.14.1.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.1.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.14/mediawiki-i18n-1.14.1.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

**********************************************************************
   1.15.1
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz

Patch to previous version (1.15.0):
http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpbgkoACgkQdWgrCOij/sRAOgCgwk2XTXrxMkRrxsxNsAZj2EGK
CC0AoJ78EAOW0rGxs+K1NjFO59XfS1RS
=ZcRE
-----END PGP SIGNATURE-----


-- 
!!!>> INCLUDE ALL TEXT IN TECHNICAL SUPPORT EMAIL REPLIES!!!!!!!
Please reply in plain-text mode
--------------------------------------------------------------------------------
Karl Schmidt                                  EMail Karl at xtronics.com
Transtronics, Inc.                              WEB http://xtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-0434

I can live for two months on a good compliment. -- Mark Twain

--------------------------------------------------------------------------------


