Neil Harris wrote:
Does this PHP XML_RPC implementation vulnerability affect MediaWiki at all?
MediaWiki does not use PEAR::XML_RPC or any of its relatives; thus no stock MediaWiki installation is vulnerable to any problems in PEAR::XML_RPC.
The MWSearch extension does use the PEAR::XML_RPC _client_ (not the server) code to send updates to the C#-based search server; that's a) for use on an internal network and b) probably not used by anybody out there except Wikimedia at this stage (it's in a somewhat experimental state still).
-- brion vibber (brion @ pobox.com)