oss-sec mailing list archives
Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6)
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 1 May 2013 09:42:49 +0200
Two CVEs for mediawiki please.

Begin forwarded message:

Date: Tue, 30 Apr 2013 13:14:43 -0700
From: Chris Steipp <csteipp () wikimedia org>
To: mediawiki-announce () lists wikimedia org, MediaWiki-l <mediawiki-l () lists wikimedia org>, Wikimedia developers <wikitech-l () lists wikimedia org>
Subject: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6

I would like to announce the release of MediaWiki 1.20.5 and 1.19.6.
These releases fix 2 security related issues that could affect users of
MediaWiki. Download links are given at the end of this email.

* Jan Schejbal / Hatforce.com reported that SVG script filtering could
be bypassed for Chrome and Firefox clients by using an encoding that
MediaWiki understood, but these browsers interpreted as UTF-8.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=47304>

* Internal review discovered that extensions were not given the
opportunity to disable a password reset, which could lead to
circumvention of two-factor authentication.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=46590>

Full release notes for 1.20.5:
<https://www.mediawiki.org/wiki/Release_notes/1.20>

Full release notes for 1.19.6:
<https://www.mediawiki.org/wiki/Release_notes/1.19>

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>

**********************************************************************
1.20.5
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz

Patch to previous version (1.20.4), without interface text:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-i18n-1.20.5.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.20/mediawiki-i18n-1.20.5.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

**********************************************************************
1.19.6
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz

Patch to previous version (1.19.5), without interface text:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-i18n-1.19.6.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-i18n-1.19.6.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

-- 
Hanno Böck
mail/jabber: hanno () hboeck de
GPG: BBB51E42
http://www.hboeck.de/