Mageia alert MGASA-2013-0221 (mediawiki) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0221: Updated mediawiki packages fix
 security vulnerability 
Date:
    	       Sun, 21 Jul 2013 10:57:48 +0200
Message-ID:
    	       <20130721085748.4944341D4F@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0221 - Updated mediawiki packages fix security vulnerability

Publication date: 21 Jul 2013
URL: http://advisories.mageia.org/MGASA-2013-0221.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-2114

Description:
MediaWiki user Marco discovered that security checks for file uploads were
not being run when the file was uploaded in chunks through the API. This
option has been available to users who can upload files since MediaWiki
1.19 (CVE-2013-2114).

References:
- https://bugs.mageia.org/show_bug.cgi?id=10784
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2...
- https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWi...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2114

SRPMS:
- 3/core/mediawiki-1.20.6-1.2.mga3
(Log in to post comments)