./www/mediawiki, Free software wiki package originally written for Wikipedia



Branch: pkgsrc-2010Q1, Version: 1.15.4, Package name: mediawiki-1.15.4, Maintainer: martti

MediaWiki is free server-based software which is licensed under the GNU
General Public License (GPL). It's designed to be run on a large server
farm for a website that gets millions of hits per day. MediaWiki is
extremely powerful, scalable software and a feature-rich wiki implementation
that uses PHP to process and display data stored in its MySQL database.


Required to run:
[databases/php-mysql]

Required to build:
[lang/perl5] [www/apache22]

Package options: mysql

Master sites:

SHA1: c00267663a0a05ace4bd28b53b0b3b0f08dad551
RMD160: f4879c0f9cb1b8a6f5682f9fad14010703d49c27
Filesize: 11261.219 KB


CVS history:


   2010-05-29 10:26:40 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3130 - requested by martti
www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile		1.12
- www/mediawiki/distinfo		1.8
---
Module Name:	pkgsrc
Committed By:	martti
Date:		Fri May 28 08:11:32 UTC 2010

Modified Files:
	pkgsrc/www/mediawiki: Makefile distinfo

Log message:
Updated www/mediawiki to 1.15.4

This is a security and bugfix release of MediaWiki 1.15.4.

Two security vulnerabilities were discovered.

Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
affects Internet Explorer clients only. The issue is presumed to
affect all recent versions of IE; it has been confirmed on IE 6 and 8.

Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. Full details can be found at:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset features were not protected from
CSRF. This could lead to unauthorised access to private wikis. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.

These vulnerabilities are serious and all users are advised to
upgrade. Remember that CSRF and XSS vulnerabilities can be used even
against firewall-protected intranet installations, as long as the
attacker can guess the URL.