Upstream has announced version 1.23.10 on August 10: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html CVEs have been requested: http://openwall.com/lists/oss-security/2015/08/12/6 Updated packages uploaded for Mageia 4, Mageia 5, and Cauldron. Advisory to come later one CVEs are assigned. For now, see the upstream announcement. Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki Updated packages in core/updates_testing: ======================== mediawiki-1.23.10-1.mga4 mediawiki-mysql-1.23.10-1.mga4 mediawiki-pgsql-1.23.10-1.mga4 mediawiki-sqlite-1.23.10-1.mga4 mediawiki-1.23.10-1.mga5 mediawiki-mysql-1.23.10-1.mga5 mediawiki-pgsql-1.23.10-1.mga5 mediawiki-sqlite-1.23.10-1.mga5 from SRPMS: mediawiki-1.23.10-1.mga4.src.rpm mediawiki-1.23.10-1.mga5.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO has_procedure
Working fine on our production wiki at work, Mageia 4 i586.
Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA4-32-OK
Trying this on mga5 x86_64. Cannot get past the pre-testing stage of setting up a wiki. I gave the database a name then specified myself as the user with my login password. Failure: DB connection error: Access denied for lcl.... It is not clear from the documentation if it is root or the user who does the setting up. I started with root. Is that the problem?
CC: (none) => tarazed25
It occurs to me that a database has to be set up first as well. And I don't know how to do that. Need some guidance here. Know nothing about mysql. Guess I shall have to start researching.
(In reply to Len Lawrence from comment #3) > It occurs to me that a database has to be set up first as well. And I don't > know how to do that. Need some guidance here. Know nothing about mysql. > Guess I shall have to start researching. See the testing procedure for Moodle (check resolved bugs in bugzilla); you can do something similar to set up the db.
Having no luck with this. Created a database called boojum via root and tried creating a user called tyro with a password. The user was rejected so I used my login name and password, which I had been trying to avoid. That succeeded so I logged out of root and tried the hostname/mediawiki page in Firefox. Supplied the database name boojum and then lcl :: password and that was rejected. I am stumped. Yes, I tested moodle when it came up recently and had no trouble at all so I don't know what is going wrong this time. Shall try to retrace my steps.
Got there at last. One of the problems was that I did not realize that mysql does not do DNS translation. Stupid idea anyway to specify a particular machine. Went back to localhost and user tyro lives. Mediawiki established. Now for the update....
Removed all traces of mediawiki from the system. Installed mediawiki and mediawiki-mysql and recreated the mediawiki from scratch; database boojum, use tyro. Modified the main page OK. Looks like this is OK. The packages are noarch but marking it as OK for 64-bit systems.
Oh. Do the other variants have to be tested too? i.e. pgsql and sqlite?
Whiteboard: MGA4TOO has_procedure MGA4-32-OK => MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK
(In reply to Len Lawrence from comment #8) > Oh. Do the other variants have to be tested too? i.e. pgsql and sqlite? It doesn't hurt, but they don't absolutely have to be.
Testing Mageia 4 x64 Already had MediaWiki installed against PostgreSQL & working. From Updates Testing applied this update: mediawiki-1.23.10-1.mga4 mediawiki-pgsql-1.23.10-1.mga4 It continues to function correctly. Update OK.
CC: (none) => lewyssmithWhiteboard: MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK
Validating. Advisory needed though.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Still no response to the CVE request. Generic advisory for now. Advisory: ======================== Updated mediawiki packages fix security vulnerabilities: The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details. References: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0320.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/655405/
CVEs have finally been assigned: http://openwall.com/lists/oss-security/2015/08/27/6 CVE-2013-7444 CVE-2015-6727 CVE-2015-6728 CVE-2015-6729 CVE-2015-6730 CVE-2015-6731 CVE-2015-6732 CVE-2015-6733 CVE-2015-6734 CVE-2015-6735 CVE-2015-6736 CVE-2015-6737
LWN entry with CVEs: http://lwn.net/Vulnerabilities/656657/
This one was deleted: http://lwn.net/Vulnerabilities/655405/
URL: http://lwn.net/Vulnerabilities/655405/ => http://lwn.net/Vulnerabilities/656657/