[SECURITY] Fedora 18 Update: mediawiki-1.19.5-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Tue Apr 30 03:26:17 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-6171
2013-04-21 02:37:45
--------------------------------------------------------------------------------
Name : mediawiki
Product : Fedora 18
Version : 1.19.5
Release : 1.fc18
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.19.5/README.RPM.
Remember to remove the config dir after completing the configuration.
--------------------------------------------------------------------------------
Update Information:
*An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084
*Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity (XXE) processing. This could lead to local file disclosure, or potentially remote command execution in environments that have enabled expect:// handling. https://bugzilla.wikimedia.org/show_bug.cgi?id=46859
*Internal review also discovered that Special:Import, and Extension:RSS failed to prevent XML external entity (XXE) processing. https://bugzilla.wikimedia.org/show_bug.cgi?id=47251
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 17 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.5-1
- New upstream release.
* Thu Apr 11 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-3
- Update mw-* scripts. (#926899)
* Tue Mar 12 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-2
- Update mw-createinstance for new access points.
* Mon Mar 4 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.4-1
- New upstream release.
* Thu Feb 28 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.3-2
- Fix upgrade path.
* Wed Feb 27 2013 Michael Cronenworth <mike at cchtml.com> - 1.19.3-1
- New upstream release.
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.16.5-62
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #953666 - CVE-2013-1951 mediawiki: security releases 1.20.4 and 1.19.5
https://bugzilla.redhat.com/show_bug.cgi?id=953666
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mediawiki' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list