Nick Jenkins wrote:
Unlike the previous one, this one affects the live Wikipedia too (i.e. tidy does not prevent it).
Vuln is here: http://nickj.org/MediaWiki/Parser25
Fixed in r14349. I'll go over your others and put out fix releases shortly.
One-line patch available here: http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349
-- brion vibber (brion @ pobox.com)