brion at pobox
Feb 4, 2007, 3:44 PM
Post #1 of 1
(1126 views)
Permalink
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a bug-fix update that fixes some installation and other minor
issues with the 1.9.1 release as well as a security issue which was
introduced in the 1.9 branch.
JavaScript code which regenerated the "sortable tables" feature did
not properly sanitize input, leading to an HTML injection vulnerability.
* (bug 8774) Fix path for GNU FDL rights icon on new installs
* (bug 8819) Fix full path disclosure with skins dependencies
* (bug 4268) Fixed data-loss bug in compressOld batch text compression
affecting pages which had null edits (move, protect, etc) as second
edit in a batch group. Isolated and patched by Travis Derouin.
* Security fix for sortable tables JavaScript
All users of 1.9.x should upgrade.
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch
MD5 checksums:
c11aa0fd7ac10529606511913649a411 mediawiki-1.9.2.tar.gz
b08777601899686bf4e672766ee5e49e mediawiki-1.9.2.patch
SHA-1 checksums:
2f63cba903444b0dc6559df29c57d1789c1284d1 mediawiki-1.9.2.tar.gz
dcb64452dbe7d7563264e3883c657e70aabaa1ac mediawiki-1.9.2.patch
PGP signatures:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch.sig
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFxm/1wRnhpk1wk44RAkIgAKCZcw0n3eDiadhJWVOhdozYushdvACgkncP
BE30fPhajW8upgXvMfjP2/w=
=0qZv
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce[at]lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
|
