pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/mediawiki Updated www/mediawiki to 1.15.4
details: https://anonhg.NetBSD.org/pkgsrc/rev/e79f8cc30a32
branches: trunk
changeset: 575986:e79f8cc30a32
user: martti <martti%pkgsrc.org@localhost>
date: Fri May 28 08:11:32 2010 +0000
description:
Updated www/mediawiki to 1.15.4

This is a security and bugfix release of MediaWiki 1.15.4.

Two security vulnerabilities were discovered.

Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
affects Internet Explorer clients only. The issue is presumed to
affect all recent versions of IE; it has been confirmed on IE 6 and 8.
Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. Full details can be found at:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset features were not protected from
CSRF. This could lead to unauthorised access to private wikis. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.

These vulnerabilities are serious and all users are advised to
upgrade. Remember that CSRF and XSS vulnerabilities can be used even
against firewall-protected intranet installations, as long as the
attacker can guess the URL.

diffstat:
www/mediawiki/Makefile | 4 ++--
www/mediawiki/distinfo | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diffs (31 lines):
diff -r b0610f7b2d78 -r e79f8cc30a32 www/mediawiki/Makefile
--- a/www/mediawiki/Makefile Fri May 28 07:40:35 2010 +0000
+++ b/www/mediawiki/Makefile Fri May 28 08:11:32 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2010/04/07 05:40:11 martti Exp $
+# $NetBSD: Makefile,v 1.12 2010/05/28 08:11:32 martti Exp $
DISTNAME= mediawiki-${VER}.${PVER}
CATEGORIES= www
@@ -20,7 +20,7 @@
PKG_INSTALLATION_TYPES= overwrite pkgviews
VER= 1.15
-PVER= 3
+PVER= 4
APACHE_USER?= www
APACHE_GROUP?= www
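Review bot: at `PVER= 4`, the commit message says this release fixes an XSS and a CSRF issue, yet the changeset touches only Makefile and distinfo, so nothing here tells an audit of installed packages that 1.15.3 and earlier are affected. Suggest confirming that a pkg-vulnerabilities entry covering mediawiki versions below 1.15.4 is filed alongside this bump, citing the two Bugzilla ids from the description.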
diff -r b0610f7b2d78 -r e79f8cc30a32 www/mediawiki/distinfo
--- a/www/mediawiki/distinfo Fri May 28 07:40:35 2010 +0000
+++ b/www/mediawiki/distinfo Fri May 28 08:11:32 2010 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.7 2010/04/07 05:40:11 martti Exp $
+$NetBSD: distinfo,v 1.8 2010/05/28 08:11:32 martti Exp $
-SHA1 (mediawiki-1.15.3.tar.gz) = 891bf5fb7479c88fbb4fd155666eafe510b2f92c
-RMD160 (mediawiki-1.15.3.tar.gz) = 77e2d446672ab11832b2f913624d3358a3855651
-Size (mediawiki-1.15.3.tar.gz) = 11486661 bytes
+SHA1 (mediawiki-1.15.4.tar.gz) = c00267663a0a05ace4bd28b53b0b3b0f08dad551
+RMD160 (mediawiki-1.15.4.tar.gz) = f4879c0f9cb1b8a6f5682f9fad14010703d49c27
+Size (mediawiki-1.15.4.tar.gz) = 11531488 bytes
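Review bot: the new `SHA1` and `RMD160` lines for mediawiki-1.15.4.tar.gz are the only integrity anchor for this security update, and nothing in the change shows they were checked against a value published by upstream. Compare the digest of the fetched tarball with the one upstream announces (or with an upstream signature, if one is provided) instead of relying on a locally regenerated distinfo, and say so in the commit message. Recording a stronger digest next to SHA1 would also be worth doing where the framework supports it.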