Closed Bug 551500 Opened 16 years ago Closed 15 years ago

Upgrade all MediaWiki 1.15.x instances to 1.15.2

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: reed, Assigned: oremj)

References

(
URL
)

Details

(Whiteboard: 03/18/2010 @ 7pm)

From MediaWiki security announcement released a few days ago: Two security issues were discovered: A CSS validation issue was discovered which allows editors to display external images in wiki pages. This is a privacy concern on public wikis, since a malicious user may link to an image on a server they control, which would allow that attacker to gather IP addresses and other information from users of the public wiki. All sites running publicly-editable MediaWiki installations are advised to upgrade. All versions of MediaWiki (prior to this one) are affected. A data leakage vulnerability was discovered in thumb.php which affects wikis which restrict access to private files using img_auth.php, or some similar scheme. All versions of MediaWiki since 1.5 are affected. Deleting thumb.php is a suitable workaround for private wikis which do not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl']. Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the patch below to whatever version of MediaWiki you are using.
Assignee: server-ops → jeremy.orem+bugs
Flags: needs-downtime+
Whiteboard: 03/18/2010 @ 7pm
Upgraded.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.