Brion Vibber | 30 Aug 02:36 2005

MediaWiki 1.5rc4, 1.4.9, 1.3.15 released [SECURITY]


These are security and maintenance releases, which fix two cross-site
scripting bugs. All internet-facing wikis are recommended to upgrade to
the current release in their series.

Incorrect handling of <math> tags when TeX rendering is disabled, as in
the default configuration. (Wikis where the optional math support has
been *enabled* are not vulnerable.)

* 1.5 vulnerable: <= 1.5rc3  fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8   fixed: >= 1.4.9
* 1.3 vulnerable: <= 1.3.14  fixed: >= 1.3.15

Incorrect handling of <nowiki> and extension tags in table styles:

* 1.5 vulnerable: <= 1.5rc3  fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8   fixed: >= 1.4.9
* 1.3 not vulnerable

Additionally, 1.5rc4 fixes some compatibility issues with PHP 5.1 beta.

Release notes:
1.5rc4 http://sourceforge.net/project/shownotes.php?release_id=352778
1.4.9  http://sourceforge.net/project/shownotes.php?release_id=352777
1.3.15 http://sourceforge.net/project/shownotes.php?release_id=352776

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc4.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.9.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.15.tar.gz?download