diff options
| author | tron <tron@pkgsrc.org> | 2010-03-09 10:51:51 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2010-03-09 10:51:51 +0000 |
| commit | b3d4c24c2f660734908aebd9c691870b5a33d5fb (patch) | |
| tree | 3d49c55dd60ebb45d7215cd86b224c724acf5d93 | |
| parent | 87b5ae6043668d8b951a7b96fcabf9321566f48b (diff) | |
| download | pkgsrc-b3d4c24c2f660734908aebd9c691870b5a33d5fb.tar.gz | |
Pullup ticket #3046 - requested by martti
mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.10
- www/mediawiki/distinfo 1.6
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Mar 9 05:16:42 UTC 2010
Modified Files:
pkgsrc/www/mediawiki: Makefile distinfo
Log Message:
Updated www/mediawiki to 1.15.2
Two security issues were discovered:
A CSS validation issue was discovered which allows editors to display
external images in wiki pages. This is a privacy concern on public
wikis, since a malicious user may link to an image on a server they
control, which would allow that attacker to gather IP addresses and
other information from users of the public wiki. All sites running
publicly-editable MediaWiki installations are advised to upgrade. All
versions of MediaWiki (prior to this one) are affected.
A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.
Deleting thumb.php is a suitable workaround for private wikis which do
not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl'].
Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the
patch below to whatever version of MediaWiki you are using.
| -rw-r--r-- | www/mediawiki/Makefile | 4 | ||||
| -rw-r--r-- | www/mediawiki/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/www/mediawiki/Makefile b/www/mediawiki/Makefile index d857ae9eac9..ed354290124 100644 --- a/www/mediawiki/Makefile +++ b/www/mediawiki/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.9 2009/08/04 09:35:45 martti Exp $ +# $NetBSD: Makefile,v 1.9.4.1 2010/03/09 10:51:51 tron Exp $ DISTNAME= mediawiki-${VER}.${PVER} CATEGORIES= www @@ -20,7 +20,7 @@ INSTALLATION_DIRS= ${EGDIR} share/mediawiki PKG_INSTALLATION_TYPES= overwrite pkgviews VER= 1.15 -PVER= 1 +PVER= 2 APACHE_USER?= www APACHE_GROUP?= www diff --git a/www/mediawiki/distinfo b/www/mediawiki/distinfo index 8c08d2c6c2c..ac1f33a66e1 100644 --- a/www/mediawiki/distinfo +++ b/www/mediawiki/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.5 2009/08/04 09:35:45 martti Exp $ +$NetBSD: distinfo,v 1.5.4.1 2010/03/09 10:51:51 tron Exp $ -SHA1 (mediawiki-1.15.1.tar.gz) = bc6fa790b7738892c6b415fc76658a976763715d -RMD160 (mediawiki-1.15.1.tar.gz) = 437c5337e524dc2e3e23ab9bf10fe10f3be5886a -Size (mediawiki-1.15.1.tar.gz) = 10826029 bytes +SHA1 (mediawiki-1.15.2.tar.gz) = c1e7e7243a052f3f9719f78573980c16f25da4b2 +RMD160 (mediawiki-1.15.2.tar.gz) = 46171059799d5a74b535523f562d3a5db7066f55 +Size (mediawiki-1.15.2.tar.gz) = 11469228 bytes |