Upstream has announced version 1.35.8 on September 29:
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

It fixes several security issues.

Updated packages uploaded for Mageia 8 and Cauldron.

Advisory:
========================

Updated mediawiki packages fix security vulnerabilities:

HTMLUserTextField exposes existence of hidden users (CVE-2022-41765).

reassignEdits doesn't update results in an IP range check on Special:Contributions (CVE-2022-41767).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/
========================

Updated packages in core/updates_testing:
========================
mediawiki-1.35.8-1.mga8
mediawiki-mysql-1.35.8-1.mga8
mediawiki-pgsql-1.35.8-1.mga8
mediawiki-sqlite-1.35.8-1.mga8

from mediawiki-1.35.8-1.mga8.src.rpm
Debian has issued an advisory for this on October 4: https://www.debian.org/security/2022/dsa-5246
Followed the wiki for the umpteenth time, but when pointing to http://localhost/mediawiki/, I get Error 404. And yes, both httpd and mysqld are running because I used phpMyAdmin to set up database and user. This laptop did not have mediawiki before. I just noticed that the /etc/mediawiki folder is empty.
CC: (none) => herman.viaene
As root
From release and updates repos, installed mediawiki and php-mysqli selecting apache, mysql, and required dependencies.
Edited /etc/php.d/05_date.ini and added a line with "date.timezone =America/Toronto"
"systemctl start mysqld.service"
"mysql_secure_installation", set the root password etc
"systemctl start httpd.service"

As regular user
"firefox http://localhost/mediawiki"
Clicked on the "set up the wiki" link to http://localhost/mediawiki/mw-config/index.php
Selected mariadb as the db type and provided the root mysql password and chose to use the same account for installation.
Was reminded of the annoying requirement to use at least 10 characters for the wiki password, so have a different password for logging in to mediawiki.
Downloaded the LocalSettings.php and copied it to /etc/mediawiki
"systemctl restart httpd.service" to pick up the new LocalSettings.php file.
Went to http://localhost/mediawiki/index.php/QaTestB4Update
Logged in, entered some text and a summary, created the page.

Installed the update using qarepo
"systemctl restart httpd.service"
Restarted firefox going back to http://localhost/mediawiki/index.php/QaTestB4Update
Went to http://localhost/mediawiki/index.php/QaTestAfterUpdate and created a new page.

Validating the update.

Herman, please try the above and update any missing or wrong parts in the wiki.
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0370.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED