Search results
Search results
Fedora security update to mediawiki
([Security]
Posted Aug 7, 2007 17:05 UTC (Tue)
by ris )
-2007-1442
2007-08-06 10:56:19.560348
--------------------------------------------------------------------------------
Name : mediawiki
Product : Fedora 7
Version : 1.9.3
Release : 34.0.2.fc7
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Copy /var/www/wiki over to the
desired wiki location and configure it through the web
interface. Remember to remove the config dir after completing the
configuration.
--------------------------------------------------------------------------------
Update Information:
This update fixes the following vulnerability:
"Cross-site scripting (XSS) vulnerability in the AJAX features in
index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is
enabled, allows remote attackers to inject arbitrary web script
or HTML via a UTF-7 encoded value of the rs parameter, which is
processed by Internet Explorer."
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 6 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.3-34.0.1
- Bump release to please koji/CVS.
* Thu Feb 22 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.3-34
- Update to 1.9.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #250819
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250819
[ 2 ] CVE-2007-1054