Tim Starling wrote:
In the meantime, site administrators can apply the following patch to their 1.5 or 1.6 installations:
http://mail.wikipedia.org/pipermail/mediawiki-cvs/2006-January/013086.html
Users of 1.4 should either upgrade to 1.5 or disable uploads.
Since the default upload filetype whitelist includes only some image types which are verified at upload time with getimagesize() type checking, the default configuration plus uploads enabled should not allow for such uploads.
If you have added other extensions to the whitelist which aren't recognized internally (e.g., OGG), then you should be careful as above.
-- brion vibber (brion @ pobox.com)