[Scummvm-devel] Wiki update

Thierry Crozat criezy at scummvm.org
Sun May 30 11:19:48 CEST 2010


Update of the wiki to version 1.15.4 is now completed. Please let me  
know if you have any problem with this version.

Thierry

Le 29 mai 10 à 14:12, Thierry Crozat a écrit :

> Hi all,
>
> I am planning to update our wiki to MediaWiki 1.15.4 on Sunday
> morning (i.e. tomorrow morning) around 10am UK time. This is a small
> update and it shouldn't take long. As usual I will set the wiki in
> read-only and do a backup before proceeding. I will also be on IRC
> all the while.
>
> If this time frame is a problem for you, please let me know and I
> will postpone the update to Monday morning.
>
> Thierry
>
>
> NB: Here is what the MediaWiki team had to say on the update:
>
> Two security vulnerabilities were discovered.
>
> Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
> affects Internet Explorer clients only. The issue is presumed to
> affect all recent versions of IE, it has been confirmed on IE 6 and 8.
>
> Noncompliant CSS parsing behaviour in Internet Explorer allows
> attackers to construct CSS strings which are treated as safe by
> previous versions of MediaWiki, but are decoded to unsafe strings by
> Internet Explorer. Full details can be found at:
> https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
>
> A CSRF vulnerability was discovered in our login interface. Although
> regular logins are protected as of 1.15.3, it was discovered that the
> account creation and password reset features were not protected from
> CSRF. This could lead to unauthorised access to private wikis. See
> https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.
>
> These vulnerabilities are serious and all users are advised to
> upgrade. Remember that CSRF and XSS vulnerabilities can be used even
> against firewall-protected intranet installations, as long as the
> attacker can guess the URL.
>
>
> ---------------------------------------------------------------------- 
> --------
>
> _______________________________________________
> Scummvm-devel mailing list
> Scummvm-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/scummvm-devel





More information about the Scummvm-devel mailing list