Brion Vibber wrote:
Nick Jenkins wrote:
Please note that MediaWiki 1.6 (current stable) does NOT appear to be affected. However current SVN and the live Wikipedia are affected by this vulnerability.
As I understand it, this was fixed a few hours ago, and was present for just a few hours before that; so if you updated from SVN trunk in the last day, make sure you update again. :)
This sort of thing really doesn't need to be reported to wikitech-l. There are transient bugs in the trunk all the time, we make no guarantee about its security or stability. Any security problem on Wikipedia can be fixed in a few minutes by reporting it by private message on IRC.
-- Tim Starling