Upstream has announced version 1.27.5 on September 20: https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html Cauldron should also be updated to the new 1.31.x LTS branch. Debian has issued an advisory for this on September 22: https://www.debian.org/security/2018/dsa-4301
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers and our sysadmins, because we use MediaWiki for our wiki.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11, rverschelde, shlomif, smelror, sysadmin-bugs, tmb
1.27.5 uploaded to mga6
Assignee: pkg-bugs => brunoStatus: NEW => ASSIGNEDCC: (none) => bruno
mediawiki-1.31.1-1.mga7 uploaded to cauldron
Whiteboard: MGA6TOO => (none)Assignee: bruno => qa-bugsVersion: Cauldron => 6
Thanks Bruno. Note for future reference that when mediawiki is updated to a new branch, mediawiki-math and mediawiki-ldapauthentication need to be updated too. I took care of it.
Advisory: ======================== Updated mediawiki packages fix security vulnerabilities: $wgRateLimits entry for 'user' overrides 'newbie' (CVE-2018-0503). When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information (CVE-2018-0504). BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505 https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html ======================== Updated packages in core/updates_testing: ======================== mediawiki-1.27.5-1.mga6 mediawiki-mysql-1.27.5-1.mga6 mediawiki-pgsql-1.27.5-1.mga6 mediawiki-sqlite-1.27.5-1.mga6 from mediawiki-1.27.5-1.mga6.src.rpm
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Following QA procedure from Wiki: # systemctl start httpd # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: enabled) Active: active (running) since ma 2018-10-29 13:46:42 CET; 11s ago # systemctl start mysqld # systemctl -l status mysqld ● mysqld.service - MySQL database server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: enabled) Active: active (running) since ma 2018-10-29 13:47:45 CET; 6s ago Setup of mediawiki seems OK, checked presence of database with phpmyadmin, looks OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Validating. Advisory in Comment 5.
CC: (none) => andrewsfarmKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0433.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED