mediawiki-1.20.4-1.fc19 security update
Status: stable
Release: Fedora 19
Update ID: FEDORA-2013-5874
Builds: mediawiki-1.20.4-1.fc19 (logs)
Pushed: True
Date Submitted: 2013-04-17 05:54:18
Date Released: 2013-04-17 16:07:21
Submitter: mooninite
Karma: 0
Stable karma: 3
Unstable karma: -3
Details
  • An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084
  • Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity (XXE) processing. This could lead to local file disclosure, or potentially remote command execution in environments that have enabled expect:// handling. https://bugzilla.wikimedia.org/show_bug.cgi?id=46859
  • Internal review also discovered that Special:Import, and Extension:RSS failed to prevent XML external entity (XXE) processing. https://bugzilla.wikimedia.org/show_bug.cgi?id=47251

Bugs Fixed
952581 - mediawiki-1.20.4 is available
Feedback
bodhi - 2013-04-17 05:55:26
This update has been submitted for testing by mooninite.
autoqa - 2013-04-17 07:27:00
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/qz8g (results are informative only)
autoqa - 2013-04-17 08:54:29
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/qzwj (results are informative only)
bodhi - 2013-04-17 13:28:36
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-04-17 16:24:12
This update has been pushed to testing
bodhi - 2013-04-20 22:06:39
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-04-23 22:18:21
This update has been submitted for stable by mooninite.
autoqa - 2013-04-24 07:16:29
AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/rmd8 (results are informative only)
bodhi - 2013-04-25 03:46:23
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-04-25 14:03:56
This update has been pushed to stable
