[SECURITY] Fedora 17 Update: mediawiki-1.19.5-1.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Tue Apr 30 03:32:13 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-6170
2013-04-21 02:37:43
--------------------------------------------------------------------------------
Name : mediawiki
Product : Fedora 17
Version : 1.19.5
Release : 1.fc17
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.19.5/README.RPM.
Remember to remove the config dir after completing the configuration.
--------------------------------------------------------------------------------
Update Information:
*An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084
*Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity (XXE) processing. This could lead to local file disclosure, or potentially remote command execution in environments that have enabled expect:// handling. https://bugzilla.wikimedia.org/show_bug.cgi?id=46859
*Internal review also discovered that Special:Import, and Extension:RSS failed to prevent XML external entity (XXE) processing. https://bugzilla.wikimedia.org/show_bug.cgi?id=47251
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 17 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.5-1
- New upstream release.
* Thu Apr 11 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-3
- Update mw-* scripts. (#926899)
* Tue Mar 12 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-2
- Update mw-createinstance for new access points.
* Mon Mar 4 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-1
- New upstream release.
* Thu Feb 28 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.3-2
- Fix upgrade path.
* Wed Feb 27 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.3-1
- New upstream release.
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.16.5-62
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.16.5-61
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #953666 - CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.5
https://bugzilla.redhat.com/show_bug.cgi?id=953666
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mediawiki' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list