Sicherheit: Mehrere Probleme in mediawiki
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mediawiki
ID: FEDORA-2017-05cb6287b7
Distribution: Fedora
Plattformen: Fedora 26
Datum: Do, 13. April 2017, 16:47
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1400170
Applikationen: MediaWiki



Fedora Update Notification
2017-04-13 14:07:06.378140

Name : mediawiki
Product : Fedora 26
Version : 1.28.1
Release : 2.fc26
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.


Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1 Changes
since 1.28.0 * $wgRunJobsAsync is now false by default (T142751). This change
only affects wikis with $wgJobRunRate > 0. * Fix fatal from
not being found, experienced when a wiki has more than one database server
setup. * (T152717) Better escaping for PHP mail() command * (T154670) A
method causing the MySQL installer to fatal in rare circumstances was
* (T154672) Un-deprecate ArticleAfterFetchContentObject hook. * (T158766)
SQL error on MSSQL when using selectRowCount() * (T145635) Fix too long index
error when installing with MSSQL * (T156184) $wgRawHtml will no longer apply
internationalization messages. * (T160519) CACHE_ANYTHING will not be
CACHE_ACCEL if no accelerator is installed. * (T154872) Fix incorrect
ar_usertext_timestamp index names in new 1.28 installs. * (T109140) (T122209)
SECURITY: Special:UserLogin and Special:Search allow redirect to interwiki
links. * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true. * (T125177) SECURITY: API parameters
now be marked as "sensitive" to keep their values out of the logs. *
SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
token. *
(T156184) SECURITY: Escape content model/format url parameter in message. *
(T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration. * (T161453) SECURITY: LocalisationCache will no longer use the
temporary directory in it's fallback chain when trying to work out where
write the cache. * (T48143) SECURITY: Spam blacklist ineffective on encoded
inside file inclusion syntax's link parameter.


[ 1 ] Bug #1400170 - mediawiki-1.28.1 is available

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mediawiki' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten