Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.19.1

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.19.1


Chronologisch Thread 
  • From: "Sam Reed" <reedy AT wikimedia.org>
  • To: <wikitech-l AT lists.wikimedia.org>, <mediawiki-l AT lists.wikimedia.org>, <mediawiki-announce AT lists.wikimedia.org>
  • Subject: [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.19.1
  • Date: Wed, 13 Jun 2012 22:19:53 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

I would like to announce the release of MediaWiki 1.19.1. One security issue
was discovered.

Both Chris Steipp and Formafix discovered that the uselang http parameter
was vulnerable to XSS.

For more details, see https://bugzilla.wikimedia.org/show_bug.cgi?id=36938

Chris Steipp also improved the blacklisting of bad elements in SVG files.
This includes catching known
hostile files, and also disallowing the upload of svg files that include
remote resources.

This is work is part of an on-going effort to prevent exploits being hidden
in uploaded SVG files.

MediaWiki 1.19.1 also received a couple of other non-security bugfixes.

Full release notes:
https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob_plain;f=RE
LEASE-NOTES-1.19;hb=1.19.1

https://www.mediawiki.org/wiki/Release_notes/1.19

**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.tar.gz

Patch to previous version (1.19.0):
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html


_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce



  • [IT-SecNots] [MediaWiki-announce] MediaWiki security release 1.19.1, Sam Reed, 13.06.2012

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang