brion at pobox
Dec 4, 2005, 3:31 AM
Post #1 of 1
(1303 views)
Permalink
|
|
MediaWiki 1.5.3 released [SECURITY]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5.3 is a security and bugfix maintenance release.
Validation of the user language option was broken by a code change in
May 2005, opening the possibility of remote code execution as this
parameter is used in forming a class name dynamically created with
eval().
The validation has been corrected in this version. All prior 1.5 release
and prerelease versions are affected; 1.4 and earlier and not affected.
Additionally several bugs have been fixed; see the changelog in the
release notes for a complete list.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=375755
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz?download
MD5 checksum:
fc697787f04208d1842a2c646deca626 mediawiki-1.5.3.tar.gz
SHA-1 checksum:
070189e29ace2ef9ab0589db42ecf849f2b88ee5 mediawiki-1.5.3.tar.gz
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFDktOvwRnhpk1wk44RAi/tAJ9NlfTJTqW+9xTC6xaeOple14hFLQCgpyBn
/hIyYleol9gFbHfMgzJCyy8=
=fdzu
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce [at] wikimedia
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
|
