Brion Vibber | 4 Dec 2005 12:31

MediaWiki 1.5.3 released [SECURITY]


MediaWiki 1.5.3 is a security and bugfix maintenance release.

Validation of the user language option was broken by a code change in
May 2005, opening the possibility of remote code execution as this
parameter is used in forming a class name dynamically created with
eval().

The validation has been corrected in this version. All prior 1.5 release
and prerelease versions are affected; 1.4 and earlier are not affected.

Additionally several bugs have been fixed; see the changelog in the
release notes for a complete list.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=375755

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz?download

MD5 checksum:
fc697787f04208d1842a2c646deca626  mediawiki-1.5.3.tar.gz

SHA-1 checksum:
070189e29ace2ef9ab0589db42ecf849f2b88ee5 mediawiki-1.5.3.tar.gz

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
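The kind of check the 1.5.3 announcement above describes, as an added example (not part of the original message and not MediaWiki's own code): an untrusted language option is reduced to an allowlisted code before any class name is formed from it, and the class is instantiated by name rather than through eval(). The class names, the allowlist and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not MediaWiki source; every name below is hypothetical.

class Language { public function name(): string { return 'English'; } }
class LanguageDe extends Language { public function name(): string { return 'German'; } }
class LanguagePt_br extends Language { public function name(): string { return 'Brazilian Portuguese'; } }

// Allowlist: the only values that may ever reach class-name construction.
const SUPPORTED_LANGUAGES = ['en', 'de', 'pt-br'];
const DEFAULT_LANGUAGE = 'en';

/**
 * Reduce an untrusted user option to a known language code.
 * Non-strings, malformed values and unknown codes all fall back to the default.
 */
function validateLanguageCode($raw): string
{
    if (!is_string($raw)) {
        return DEFAULT_LANGUAGE;
    }
    $code = strtolower($raw);
    // Shape check with \A and \z so a trailing newline cannot slip through.
    if (!preg_match('/\A[a-z]{2,3}(?:-[a-z0-9]{2,8})*\z/', $code)) {
        return DEFAULT_LANGUAGE;
    }
    return in_array($code, SUPPORTED_LANGUAGES, true) ? $code : DEFAULT_LANGUAGE;
}

/** Instantiate the language class by name lookup; no eval() on the path. */
function languageFor($raw): Language
{
    $code = validateLanguageCode($raw);
    if ($code === DEFAULT_LANGUAGE) {
        return new Language();
    }
    $class = 'Language' . ucfirst(str_replace('-', '_', $code));
    // Defence in depth: the class must exist and derive from Language.
    if (!class_exists($class) || !is_subclass_of($class, Language::class)) {
        return new Language();
    }
    return new $class();
}

// Constructed inputs: two valid codes, then values that must be rejected.
foreach (['de', 'PT-BR', 'xx', "de\n", 'de; echo 1', ['de'], ''] as $raw) {
    printf("%-14s => %s\n", json_encode($raw), languageFor($raw)->name());
}
```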

Brion Vibber | 22 Dec 2005 01:25

MediaWiki 1.5.4 released


MediaWiki 1.5.4 is a security and bugfix maintenance release.

A hardcoded internal placeholder string has been replaced with a random
one. This closes a hole where security checks in inline style attributes
could be bypassed, injecting JavaScript code that could execute in
Microsoft Internet Explorer.

Other browsers would not be vulnerable.

Several minor fixes are included in this release, most notably a fix
to clear the "you have new messages" flag properly for usernames
containing spaces when e-mail notification is enabled.

See the changelog at the end of the release notes for a full list of
fixes.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=379951

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.4.tar.gz?download

MD5 checksum:
c5cff706c4d2fc8dd5aabd10f1714be0  mediawiki-1.5.4.tar.gz

SHA-1 checksum:
12ccdbdd295152937595d4a00c41ae156bf19015 mediawiki-1.5.4.tar.gz

Before asking for help, try the FAQ:

