[Systems] Fwd: [MediaWiki-announce] MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11
Raúl Gutiérrez Segalés
rgs at itevenworks.net
Tue Jan 28 16:39:32 EST 2014
Thanks Bernie!
On 28 January 2014 13:37, Bernie Innocenti <bernie at codewiz.org> wrote:
> Our setup shouldn't be affected, but as a precaution I'm upgrading to
> the head of the MW 1.22 branch.
>
> -------- Original Message --------
> Subject: [MediaWiki-announce] MediaWiki Security Releases: 1.22.2,
> 1.21.5 and 1.19.11
> Date: Tue, 28 Jan 2014 13:27:50 -0800
> From: Chris Steipp <csteipp at wikimedia.org>
> To: mediawiki-announce at lists.wikimedia.org, MediaWiki-l
> <mediawiki-l at lists.wikimedia.org>, Wikimedia developers
> <wikitech-l at lists.wikimedia.org>
>
> I would like to announce the release of MediaWiki 1.22.2, 1.21.5 and
> 1.19.11.
>
> Your MediaWiki installation is affected by a remote code execution
> vulnerability if you have enabled file upload support for DjVu (natively
> supported by MediaWiki) or PDF files (in combination with the PdfHandler
> extension). Neither file type is enabled by default in MediaWiki
> installations. If you are affected, we strongly urge you to update
> immediately.
>
> Affected supported versions: All
>
> == Security fixes ==
>
> * Netanel Rubin from Check Point discovered a remote code execution
> vulnerability in MediaWiki's thumbnail generation for DjVu files. Internal
> review also discovered similar logic in the PdfHandler extension, which
> could be exploited in a similar way. (CVE-2014-1610)
> <https://bugzilla.wikimedia.org/show_bug.cgi?id=60339>
>
> == Bug Fixes in 1.22.2 ==
> * (bug 58253) Check for very old PCRE versions in installer and updater
> * (bug 60054) Make WikiPage::$mPreparedEdit public
>
>
> Full release notes for 1.22.1:
> <https://www.mediawiki.org/wiki/Release_notes/1.22>
>
> Full release notes for 1.21.4:
> <https://www.mediawiki.org/wiki/Release_notes/1.21>
>
> Full release notes for 1.19.9:
> <https://www.mediawiki.org/wiki/Release_notes/1.19>
>
> For information about how to upgrade, see
> <https://www.mediawiki.org/wiki/Manual:Upgrading>
>
>
> **********************************************************************
> 1.22.2
> **********************************************************************
> Download:
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-1.22.2.tar.gz
>
> Patch to previous version (1.22.1):
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-1.22.2.patch.gz
>
> GPG signatures:
>
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-core-1.22.2.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-1.22.2.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-1.22.2.patch.gz.sig
>
> http://download.wikimedia.org/mediawiki/1.22/mediawiki-i18n-1.22.2.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
>
> **********************************************************************
> 1.21.5
> **********************************************************************
> Download:
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.5.tar.gz
>
> Patch to previous version (1.21.4):
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.5.patch.gz
>
> GPG signatures:
>
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-core-1.21.5.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.5.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.5.patch.gz.sig
>
> http://download.wikimedia.org/mediawiki/1.21/mediawiki-i18n-1.21.5.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
>
> **********************************************************************
> 1.19.11
> **********************************************************************
> Download:
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.11.tar.gz
>
> Patch to previous version (1.19.10):
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.11.patch.gz
>
> GPG signatures:
>
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-core-1.19.11.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.11.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.11.patch.gz.sig
>
> http://download.wikimedia.org/mediawiki/1.19/mediawiki-i18n-1.19.11.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
>
> **********************************************************************
> Extension:PdfHandler
> **********************************************************************
> Information and Download:
> https://www.mediawiki.org/wiki/Extension:PdfHandler
>
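A triage check for the condition the announcement describes (uploads enabled for DjVu, or for PDF with PdfHandler loaded), added here as an example; it is not part of the announcement or of MediaWiki. It assumes the wiki is configured through `$wgEnableUploads` and `$wgFileExtensions` in LocalSettings.php and that PdfHandler is loaded with a `require_once` line; the function names and the sample input are hypothetical, and the parsing is a text heuristic, not a PHP evaluator.

```python
import re

# Fixed release per branch, as listed in the announcement.
FIXED = {(1, 22): (1, 22, 2), (1, 21): (1, 21, 5), (1, 19): (1, 19, 11)}

# Constructed sample LocalSettings.php fragment (not from a real wiki).
SAMPLE = """
$wgEnableUploads = true;
# $wgFileExtensions[] = 'djvu';
$wgFileExtensions = array_merge( $wgFileExtensions, array( 'pdf', 'svg' ) );
require_once "$IP/extensions/PdfHandler/PdfHandler.php";
"""

def is_patched(version):
    """True/False for branches the announcement names, None for any other."""
    v = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v >= fixed

def exposed_handlers(local_settings):
    """Return the subset of {'djvu', 'pdf'} that uploads can reach."""
    # Drop block comments and whole-line comments so disabled settings don't count.
    src = re.sub(r"/\*.*?\*/", "", local_settings, flags=re.S)
    src = re.sub(r"^\s*(#|//).*$", "", src, flags=re.M)
    # The last assignment wins, as it would in PHP.
    flags = re.findall(r"\$wgEnableUploads\s*=\s*(\w+)\s*;", src)
    if not flags or flags[-1].lower() != "true":
        return set()
    # Union every statement touching $wgFileExtensions (deliberately over-inclusive).
    exts = set()
    for stmt in re.findall(r"\$wgFileExtensions\b[^;]*;", src):
        exts.update(e.lower() for e in re.findall(r"['\"]([\w.]+)['\"]", stmt))
    pdfhandler = re.search(r"(require|include)(_once)?\b[^;]*PdfHandler\.php", src)
    found = {"djvu"} & exts
    if "pdf" in exts and pdfhandler:
        found.add("pdf")
    return found

def triage(local_settings, version):
    """Combine exposure and patch level into one verdict string."""
    handlers = exposed_handlers(local_settings)
    if not handlers:
        return "not exposed"
    patched = is_patched(version)
    if patched is None:
        return "exposed, branch has no fixed release in the announcement"
    return "exposed, patched" if patched else "exposed, upgrade now"

if __name__ == "__main__":
    print(sorted(exposed_handlers(SAMPLE)), triage(SAMPLE, "1.22.1"))
```
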