Upstream has announced version 1.31.4 on October 7: https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html It fixes one security issue. Updated packages uploaded for Mageia 7 and Cauldron. Advisory: ======================== Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup (CVE-2019-16738). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738 https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html ======================== Updated packages in core/updates_testing: ======================== mediawiki-1.31.4-1.mga7 mediawiki-mysql-1.31.4-1.mga7 mediawiki-pgsql-1.31.4-1.mga7 mediawiki-sqlite-1.31.4-1.mga7 from mediawiki-1.31.4-1.mga7.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki
Keywords: (none) => has_procedure
Looks like there is an issue with the security fix... https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 * Followup T230402, PermissionManager doesn't exist until 1.33, so fix the backported patches to use User::isAllowed() instead.
CC: (none) => tmb
And the fix: https://phabricator.wikimedia.org/rMW3c22347f55102536b050160dfa9b30c21018fc2c
Keywords: (none) => feedback
1.31.5 got released to fix up the security fix, so its now building.... rpms list: mediawiki-1.31.5-1.mga7 mediawiki-mysql-1.31.5-1.mga7 mediawiki-pgsql-1.31.5-1.mga7 mediawiki-sqlite-1.31.5-1.mga7 from mediawiki-1.31.5-1.mga7.src.rpm
Keywords: feedback => (none)Summary: mediawiki new security issue fixed upstream in 1.31.4 => mediawiki new security issue fixed upstream in 1.31.5
Thanks Thomas! Advisory: ======================== Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup (CVE-2019-16738). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16738 https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000238.html
Summary: mediawiki new security issue fixed upstream in 1.31.5 => mediawiki new security issue fixed upstream in 1.31.4
MGA7-64 Plasma on Lenovo B50 No installation issues. Followed procedure as in https://wiki.mageia.org/en/QA_procedure:Mediawiki using mysql and a robust password. All works OK, wiki created.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 5.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0301.html
Status: NEW => RESOLVEDResolution: (none) => FIXED