83142 – Update port: www/mediawiki

Bug 83142 - Update port: www/mediawiki

Summary: Update port: www/mediawiki

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-08 14:30 UTC by Gerrit Beine
Modified:	2005-07-08 14:52 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (753 bytes, patch) 2005-07-08 14:30 UTC, Gerrit Beine	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gerrit Beine 2005-07-08 14:30:08 UTC

Taken from MediaWiki 1.4.6 announcement:

MediaWiki 1.4.6 is a bug fix and security update release.

Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.

Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable

This release also includes fixes for some rare bug annoying HTTP errors,
a PHP 4.1.2 breakage bug, and works around some template limitations
introduced in 1.4.5. See the changelog in the release notes for a
detailed list of bugs fixed.

Comment 1 Pav Lucistnik freebsd_committer

2005-07-08 14:51:54 UTC

State Changed
From-To: open->closed

Committed, thanks!