Neil Harris wrote:
Does this PHP XML_RPC implementation vulnerability
affect MediaWiki at all?
http://www.hardened-php.net/advisory_142005.66.html
MediaWiki does not use PEAR::XML_RPC or any of its relatives; thus no
stock MediaWiki installation is vulnerable to any problems in PEAR::XML_RPC.
The MWSearch extension does use the PEAR::XML_RPC _client_ (not the
server) code to send updates to the C#-based search server; that's a)
for use on an internal network and b) probably not used by anybody out
there except Wikimedia at this stage (it's in a somewhat experimental
state still).
-- brion vibber (brion @
pobox.com)