Fedora 9: 2009-2237 Moderate Security Advisory on MediaWiki XSS Risks

MediaWiki is the software used for Wikipedia and the other Wikimedia

Foundation websites. Compared to other wikis, it has an excellent

range of features and support for high-traffic websites using multiple

servers

This package supports wiki farms. Copy /var/www/wiki over to the

desired wiki location and configure it through the web

interface. Remember to remove the config dir after completing the

configuration.

This update fixes the XSS vulnerabilities in 1.13.3 and splits the package into

a non-math and a full package to allow for smaller installs where embedded math

is not required.

* Sat Feb 28 2009 Axel Thimm - 1.14.0-45

- Update to 1.14.0.

* Sun Feb 22 2009 Axel Thimm - 1.13.4-44

- Split package up, so some users can decide to not install math

support (results in smaller installs), see RH bug #485447.

* Wed Feb 18 2009 Axel Thimm - 1.13.4-43

- Update to 1.13.4, closes RH bug #485728.

* Tue Dec 23 2008 Axel Thimm - 1.13.3-42

- Update to 1.13.3, closes RH bug #476621 (CVE-2008-5249,

CVE-2008-5250, CVE-2008-5252 and CVE-2008-5687, CVE-2008-5688)

* Sun Oct 5 2008 Axel Thimm - 1.13.2-41

- Update to 1.13.2.

* Sun Aug 24 2008 Axel Thimm - 1.13.0-40

- Use consistently Patch0 and %patch0.

* Sat Aug 16 2008 Axel Thimm - 1.13.0-39

- Update to 1.13.0.

* Wed May 21 2008 Tom "spot" Callaway 1.10.4-40

- fix license tag

[ 1 ] Bug #487489 - CVE-2009-0737 mediawiki: multiple XSS issues in the installer

https://bugzilla.redhat.com/show_bug.cgi?id=487489

su -c 'yum update mediawiki' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/