Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.17.1

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.17.1


Chronologisch Thread 
  • From: "Sam Reed" <reedy AT wikimedia.org>
  • To: <mediawiki-announce AT lists.wikimedia.org>, <mediawiki-l AT lists.wikimedia.org>, <wikitech-l AT lists.wikimedia.org>
  • Subject: [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.17.1
  • Date: Mon, 28 Nov 2011 23:13:26 -0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

I would like to announce the release of MediaWiki 1.17.1. Two security
issues were discovered.

Alexandre Emsenhuber discovered an issue where page titles on private
wikis could be exposed bypassing different page ids to index.php. In the
case of the user not having correct permissions, they will now be redirected
to Special:BadTitle.

For more details, see https://bugzilla.wikimedia.org/show_bug.cgi?id=32276

The second issue was found by Tim Starling, who discovered that action=ajax
requests were dispatched to the relevant function without any read
permission checks being done. This could have led to data leakage on
private wikis.

For more details, see https://bugzilla.wikimedia.org/show_bug.cgi?id=32616

**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.1.tar.gz

Patch to previous version (1.17.0), without interface text:
http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.15.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.17/mediawiki-i18n-1.17.1.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.1.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.1.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.17/mediawiki-i18n-1.17.1.patch.gz.
sig

Public keys:
https://secure.wikimedia.org/keys.html



_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce



  • [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.17.1, Sam Reed, 29.11.2011

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang