[MediaWiki-announce] MediaWiki 1.13.2, 1.12.1 security update
Tim Starling
tstarling at wikimedia.org
Thu Oct 2 16:03:25 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a security and bugfix release of MediaWiki 1.12 and MediaWiki
1.13. A vulnerability has been discovered which allows arbitrary HTML
injection and thus possible user account compromise. The vulnerability
is only present when $wgUseSiteCss is turned on, which is the
default. Versions 1.11 and earlier are NOT vulnerable, nor is
development branch later than July 28, 2008.
Also, there was the potential for a subtle user error while editing
$wgGroupPermissions in LocalSettings.php to cause all restrictions to
be disabled. This has been rectified.
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES
See below for downloads.
**********************************************************************
MEDIAWIKI 1.13.2
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz
Patch to previous version (1.13.1), without interface text:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz
GPG signatures:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz.sig
Public keys:
https://secure.wikimedia.org/keys.html
SHA-1 checksums:
b05bc48d3d0959f2954c0f1f8a17c2d28bbf2f30 mediawiki-1.13.2.tar.gz
a0c49a51190c129fc47d226352cb4fa720151921 mediawiki-1.13.2.patch.gz
837c7d26e9957ee4e8cd952777809cb8dbe2aea8 mediawiki-i18n-1.13.2.patch.gz
MD5 checksums:
74f1877802b663ade2b25ae9e35eef94 mediawiki-1.13.2.tar.gz
f3fb6f268f82b9a2287a64d739cdf76f mediawiki-1.13.2.patch.gz
c9593580018eb54f5bd5cf6b1f88331e mediawiki-i18n-1.13.2.patch.gz
**********************************************************************
MEDIAWIKI 1.12.1
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.tar.gz
Patch to previous version (1.12.0), without interface text:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-i18n-1.12.1.patch.gz
GPG signatures:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.12/mediawiki-i18n-1.12.1.patch.gz.sig
Public keys:
https://secure.wikimedia.org/keys.html
SHA-1 checksums:
652e4de6be737d26938041e406fb523713104724 mediawiki-1.12.1.tar.gz
402dd9161bd8d12871210aacc5080a9c775b44b4 mediawiki-1.12.1.patch.gz
1cd7f13cfa1d33ba38fdbd5ba390b78b742cad78 mediawiki-i18n-1.12.1.patch.gz
MD5 checksums:
032cce49559e406ce8890608484cc610 mediawiki-1.12.1.tar.gz
c35ab55de943287bb9d81bd2f47e65a7 mediawiki-1.12.1.patch.gz
e674e4f3e096a14c56273d715d895be5 mediawiki-i18n-1.12.1.patch.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI5PDMdWgrCOij/sQRArC8AJ9DWwmViFF645RJmSJww6EWlmVhVQCgq3vz
3GLLAXxRjUw3lJiTJzxWf7U=
=F/Zo
-----END PGP SIGNATURE-----
More information about the MediaWiki-announce
mailing list