Upstream has announced version 1.31.4 on October 7: https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html It fixes one security issue. Updated packages uploaded for Mageia 7 and Cauldron. Advisory: ======================== Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page (CVE-2019-19709). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19709 https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000243.html ======================== Updated packages in core/updates_testing: ======================== mediawiki-1.31.6-1.mga7 mediawiki-mysql-1.31.6-1.mga7 mediawiki-pgsql-1.31.6-1.mga7 mediawiki-sqlite-1.31.6-1.mga7 from mediawiki-1.31.6-1.mga7.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki
Keywords: (none) => has_procedure
MGA7-64 Plasma on Lenovo B50 No installation issues. Followed wiki up o creating a new wiki and a new page in it (trick: there is no "New" button, just type a name in the search box, it will not find it, but then you can create it). Works OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 0.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0021.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED