-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-5874 2013-04-17 16:07:21 --------------------------------------------------------------------------------
Name : mediawiki Product : Fedora 19 Version : 1.20.4 Release : 1.fc19 URL : http://www.mediawiki.org/ Summary : A wiki engine Description : MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.20.4/README.RPM. Remember to remove the config dir after completing the configuration. -------------------------------------------------------------------------------- Update Information: * An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084 * Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity (XXE) processing. This could lead to local file disclosure, or potentially remote command execution in environments that have enabled expect:// handling. https://bugzilla.wikimedia.org/show_bug.cgi?id=46859 * Internal review also discovered that Special:Import, and Extension:RSS failed to prevent XML external entity (XXE) processing. https://bugzilla.wikimedia.org/show_bug.cgi?id=47251 -------------------------------------------------------------------------------- References: [ 1 ] Bug #952581 - mediawiki-1.20.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=952581 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mediawiki' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
