——————————————————————————–
Fedora Update Notification
FEDORA-2018-edf90410ea
2018-10-07 21:10:49.841625
——————————————————————————–
Name : mediawiki
Product : Fedora 27
Version : 1.29.3
Release : 1.fc27
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.
——————————————————————————–
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3 –
(T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for ‘user’ overrides
‘newbie’. – (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass
CentralAuth’s account lock. – (T180551) Fix LanguageSrTest for language
converter – (T180552) Fix langauge converter parser test with self-close tags
– (T180537) Remove $wgAuth usage from wrapOldPasswords.php – (T180485)
InputBox: Have inputbox langconvert certain attributes – (T161732, T181547)
Upgraded Moment.js from v2.15.0 to v2.19.3. – (T172927) Drop vendor from MW
release branch – (T87572) Make FormatMetadata::flattenArrayReal() work for an
associative array – Updated composer/spdx-licenses from 1.1.4 to 1.3.0
(development dependency). – (T189567) the CLI installer
(maintenance/install.php) learned to detect and include extensions. Pass –with-
extensions to enable that feature. – (T182381) Mask deprecated call in
WatchedItemUnitTest – (T190503) Let built-in web server (maintenance/dev)
handle .php requests. – The karma qunit tests would fail on some
configuration due to headers already sent. Check headers_sent() before sending
cpPosTime headers – (T167507) selenium: Run Chrome headlessly. – selenium:
Pass -no-sandbox to Chrome under Docker – (T191247) Use
MediaWiki\SuppressWarnings around trigger_error() instead @ – (T75174,
T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails
under SQLite. – (T192584) Stop incorrectly passing USE INDEX to
RecentChange::newFromConds(). – (T179190) selenium: Move test running logic
from package.json to selenium.sh. – (T117839, T193200) PDFHandler: Fix for
pdfinfo changes in poppler-utils 0.48. – Add default edit rate limit of 90
edits/minute for all users. – (T196125) php-memcached 3.0 (provided with PHP
7.0) is now supported. – (T196672) The mtime of extension.json files is now
able to be zero – (T180403) Validate $length in padleft/padright parser
functions. – (T143790) Make $wgEmailConfirmToEdit only affect edit actions. –
(T194237) Special:BotPasswords now requires reauthentication. – (T191608,
T187638) Add ‘logid’ parameter to Special:Log. – (T176097) resourceloader:
Disable a flaky MessageBlobStoreTest case – (T193829) Indicate when a Bot
Password needs reset. – (T151415) Log email changes. – (T118420) Unbreak
Oracle installer.
——————————————————————————–
ChangeLog:
* Fri Sep 28 2018 Michael Cronenworth <mike@cchtml.com> – 1.29.3-1
– Update to 1.29.3
– https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.29.2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.29.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Nov 20 2017 Michael Cronenworth <mike@cchtml.com> – 1.29.2-2
– Add links to new libraries (rhbz#1515022)
* Thu Nov 16 2017 Michael Cronenworth <mike@cchtml.com> – 1.29.2-1
– Update to 1.29.2
——————————————————————————–
References:
[ 1 ] Bug #1634162 – CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for ‘user’ overrides that for ‘newbie’ [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634162
[ 2 ] Bug #1634167 – CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth’s account lock [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634167
[ 3 ] Bug #1634170 – CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634170
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-edf90410ea’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2018-e022ecbc52
2018-10-07 22:15:04.448869
——————————————————————————–
Name : mediawiki
Product : Fedora 28
Version : 1.29.3
Release : 1.fc28
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.
——————————————————————————–
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3 –
(T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for ‘user’ overrides
‘newbie’. – (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass
CentralAuth’s account lock. – (T180551) Fix LanguageSrTest for language
converter – (T180552) Fix langauge converter parser test with self-close tags
– (T180537) Remove $wgAuth usage from wrapOldPasswords.php – (T180485)
InputBox: Have inputbox langconvert certain attributes – (T161732, T181547)
Upgraded Moment.js from v2.15.0 to v2.19.3. – (T172927) Drop vendor from MW
release branch – (T87572) Make FormatMetadata::flattenArrayReal() work for an
associative array – Updated composer/spdx-licenses from 1.1.4 to 1.3.0
(development dependency). – (T189567) the CLI installer
(maintenance/install.php) learned to detect and include extensions. Pass –with-
extensions to enable that feature. – (T182381) Mask deprecated call in
WatchedItemUnitTest – (T190503) Let built-in web server (maintenance/dev)
handle .php requests. – The karma qunit tests would fail on some
configuration due to headers already sent. Check headers_sent() before sending
cpPosTime headers – (T167507) selenium: Run Chrome headlessly. – selenium:
Pass -no-sandbox to Chrome under Docker – (T191247) Use
MediaWiki\SuppressWarnings around trigger_error() instead @ – (T75174,
T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails
under SQLite. – (T192584) Stop incorrectly passing USE INDEX to
RecentChange::newFromConds(). – (T179190) selenium: Move test running logic
from package.json to selenium.sh. – (T117839, T193200) PDFHandler: Fix for
pdfinfo changes in poppler-utils 0.48. – Add default edit rate limit of 90
edits/minute for all users. – (T196125) php-memcached 3.0 (provided with PHP
7.0) is now supported. – (T196672) The mtime of extension.json files is now
able to be zero – (T180403) Validate $length in padleft/padright parser
functions. – (T143790) Make $wgEmailConfirmToEdit only affect edit actions. –
(T194237) Special:BotPasswords now requires reauthentication. – (T191608,
T187638) Add ‘logid’ parameter to Special:Log. – (T176097) resourceloader:
Disable a flaky MessageBlobStoreTest case – (T193829) Indicate when a Bot
Password needs reset. – (T151415) Log email changes. – (T118420) Unbreak
Oracle installer.
——————————————————————————–
ChangeLog:
* Fri Sep 28 2018 Michael Cronenworth <mike@cchtml.com> – 1.29.3-1
– Update to 1.29.3
– https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.29.2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.29.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1634170 – CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634170
[ 2 ] Bug #1634167 – CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth’s account lock [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634167
[ 3 ] Bug #1634162 – CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for ‘user’ overrides that for ‘newbie’ [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634162
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-e022ecbc52’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org