oss-sec mailing list archives
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1
From: Chris Steipp <csteipp () wikimedia org>
Date: Wed, 25 Jun 2014 17:03:33 -0700
Since the bug is public now (http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html), I didn't get a CVE in advance because I thought this was likely a hardening fix. We couldn't find a way to exploit it to actually track a user on our site. However, we kept it private until we released the patch, since we weren't sure it couldn't be exploited on a wiki with non-standard image handling. On Wed, Jun 25, 2014 at 4:00 AM, Henri Salo <henri () nerv fi> wrote:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000154.html """ this is a notice that on Wednesday, June 25th, between 20:00-22:00 UTC we will release security and maintenance updates for all current and supported branches of the MediaWiki software. Downloads and patches will be available at that time. """ I'm not sure if those vulnerabilities already have CVEs. I asked from Markus G. Also please note End of lifetime announcement for MediaWiki 1.21 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000153.html --- Henri Salo
Current thread:
- MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Henri Salo (Jun 25)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Chris Steipp (Jun 25)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Hanno Böck (Jun 26)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 cve-assign (Jun 27)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Chris Steipp (Jun 25)