-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4.6 is a bug fix and security update release.
Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.
Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable
This release also includes fixes for some rare bug annoying HTTP errors,
a PHP 4.1.2 breakage bug, and works around some template limitations
introduced in 1.4.5. See the changelog in the release notes for a
detailed list of bugs fixed.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=340290
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.6.tar.gz?download
MD5 checksum: f4f82bd486756c279f0c1977b290ce3b
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCzNsWwRnhpk1wk44RAk3LAJ4/DBDT4Vu6YPIYwYntImUJ/AXBRACfWCsm
PCtY9QynW6h4RnSSShcCSvQ=
=u2ZE
-----END PGP SIGNATURE-----
Hash: SHA1
MediaWiki 1.4.6 is a bug fix and security update release.
Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.
Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable
This release also includes fixes for some rare bug annoying HTTP errors,
a PHP 4.1.2 breakage bug, and works around some template limitations
introduced in 1.4.5. See the changelog in the release notes for a
detailed list of bugs fixed.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=340290
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.6.tar.gz?download
MD5 checksum: f4f82bd486756c279f0c1977b290ce3b
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCzNsWwRnhpk1wk44RAk3LAJ4/DBDT4Vu6YPIYwYntImUJ/AXBRACfWCsm
PCtY9QynW6h4RnSSShcCSvQ=
=u2ZE
-----END PGP SIGNATURE-----