[SAC] Fwd: [MediaWiki-announce] MediaWiki 1.11.1, 1.10.3, 1.9.5 released

Tyler Mitchell (OSGeo) tmitchell at osgeo.org
Wed Jan 23 20:11:50 EST 2008


Is anyone else signed up for security notices for our software?
Here's one for MediaWiki at least...

Begin forwarded message:

> From: Brion Vibber <brion at wikimedia.org>
> Date: January 23, 2008 4:59:14 PM PST (CA)
> To: mediawiki-announce at lists.wikimedia.org, MediaWiki announcements and site admin list <mediawiki-l at lists.wikimedia.org>, Wikimedia developers <wikitech-l at lists.wikimedia.org>
> Subject: [MediaWiki-announce] MediaWiki 1.11.1, 1.10.3, 1.9.5 released
>
> This is a security and bugfix release of the Fall, Spring, and Winter
> 2007 snapshot releases of MediaWiki. A potential XSS injection vector
> affecting api.php only for Microsoft Internet Explorer users has been
> closed.
>
>
> To work around the vulnerability without upgrading, you may disable the
> API if you don't need it:
>
>   $wgEnableAPI = false;
>
> Not vulnerable versions:
> * 1.12 or later
> * 1.11 >= 1.11.1
> * 1.10 >= 1.10.3
> * 1.9 >= 1.9.5
> * 1.8 any version (if $wgEnableAPI has been left off)
>
> Vulnerable versions:
> * 1.11 <= 1.11.0rc1
> * 1.10 <= 1.10.2
> * 1.9 <= 1.9.4
> * 1.8 any version (if $wgEnableAPI has been switched on)
>
> MediaWiki 1.7 and below are not affected as they do not include
> the API functionality, however the BotQuery extension is similarly
> vulnerable unless updated to the latest SVN version.
>
>
>
> Full release notes:
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_1/phase3/RELEASE-NOTES
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_3/phase3/RELEASE-NOTES
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_5/phase3/RELEASE-NOTES
>
>
> Download:
> http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.tar.gz
> http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.patch
>
> http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.tar.gz
> http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.patch
>
> http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.tar.gz
> http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.patch
>
>
> GPG signatures:
> http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.patch.sig
>
> http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.patch.sig
>
> http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.tar.gz.sig
> http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.patch.sig
>
>
> SHA-1 checksums:
> d452e0013969b064a2166eeae8d03227a8ff1fa3 mediawiki-1.11.1.tar.gz
> 1de49e3f8e4cf3965f8725d8389f69259bc7345c mediawiki-1.11.1.patch
>
> 2545518fde24b9b5fe8754bbe57cf4c8413d7cd5 mediawiki-1.10.3.tar.gz
> 815930de473097aa1f2047cf8fce37cab0e39940 mediawiki-1.10.3.patch
>
> cd38fbd4dc255d13bdf5b04057469f87c9f85ae2 mediawiki-1.9.5.tar.gz
> 3a37c7146e96d471aead18bd65c951905c3a590f mediawiki-1.9.5.patch
>
>
> MD5 checksums:
> a7c9c31c3e6ab1d1137930b7dc86b2a7  mediawiki-1.11.1.tar.gz
> 206888cefca030ace4e96008d0ea4f3b  mediawiki-1.11.1.patch
>
> e5e798b400c955a519c65efab8d25192  mediawiki-1.9.5.tar.gz
> f71b5debbaa78a48740e74fe6965d3b1  mediawiki-1.9.5.patch
>
> 8a4be92512b428d6c6301febf96ea2bf  mediawiki-1.10.3.tar.gz
> eaec534dcd957d59022148f9d075d028  mediawiki-1.10.3.patch
>
>
>
> Before asking for help, try the FAQ:
> http://www.mediawiki.org/wiki/Manual:FAQ
>
> Low-traffic release announcements mailing list:
> (Please subscribe to receive announcements of security updates.)
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
>
> Wiki admin help mailing list:
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
> Bug report system:
> http://bugzilla.wikimedia.org/
>
> Play "stump the developers" live on IRC:
> #mediawiki on irc.freenode.net
>
> -- brion vibber (brion @ wikimedia.org)

Tyler Mitchell
Executive Director
Open Source Geospatial Foundation
tmitchell at osgeo.org
P: +1-250-277-1621
M: +1-250-303-1831
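
The version lists in the forwarded advisory can be turned into a triage check for an inventory of wikis. This is an added example, not part of the original message and not MediaWiki code. The function names and status strings are hypothetical, and it assumes that any release below a branch's fixed version (including ones the advisory does not list) and any pre-release of the fixed version count as unpatched.

```python
import re

# Fixed point release per branch, from the advisory's "Not vulnerable" list.
FIXED = {(1, 11): 1, (1, 10): 3, (1, 9): 5}

def parse_version(text):
    """'1.11.0rc1' -> (1, 11, 0, 'rc1'); suffix is '' for a final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z][\w.-]*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised MediaWiki version: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch or 0), suffix or ""

def api_setting(local_settings):
    """Last uncommented `$wgEnableAPI = true|false;` in the text, or None if unset.
    Only line-leading assignments are recognised; block comments are not parsed."""
    hits = re.findall(r"^[ \t]*\$wgEnableAPI\s*=\s*(true|false)\s*;",
                      local_settings, re.MULTILINE | re.IGNORECASE)
    return hits[-1].lower() == "true" if hits else None

def triage(version, api_enabled):
    """Classify an install against the advisory's version lists."""
    major, minor, patch, suffix = parse_version(version)
    branch = (major, minor)
    if branch >= (1, 12):
        return "not vulnerable"
    if branch <= (1, 7):
        return "not affected (no API); check BotQuery"
    if branch == (1, 8):
        return "vulnerable" if api_enabled else "not vulnerable"
    # Assumption: a pre-release of the fixed version (suffix present) sorts
    # below it, and anything below the fixed release counts as unpatched,
    # including versions the advisory does not list explicitly.
    if (patch, suffix == "") >= (FIXED[branch], True):
        return "not vulnerable"
    return "vulnerable" if api_enabled else "workaround applied, upgrade pending"

# Constructed sample input, not taken from a real site.
SAMPLE_SETTINGS = """\
$wgSitename = "Example";
# $wgEnableAPI = true;
$wgEnableAPI = false;
"""

if __name__ == "__main__":
    api = api_setting(SAMPLE_SETTINGS)
    for v in ("1.7.3", "1.8.4", "1.9.4", "1.10.3", "1.11.0rc1", "1.12.0"):
        print(v, "->", triage(v, api))
```

`api_setting` returns `None` when the settings text never assigns `$wgEnableAPI`; the caller then has to supply the default that applies to the installed branch before calling `triage`.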

