Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by narn.NetBSD.org (Postfix) with ESMTP id B610D63C07F for ; Sat, 7 Feb 2009 11:09:38 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 0) id 6116F63B1B2; Sat, 7 Feb 2009 11:09:38 +0000 (UTC) Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe25:eab4]) by mail.netbsd.org (Postfix) with ESMTP id 88E0F63B1A4 for ; Sat, 7 Feb 2009 11:09:37 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 7AA77175D0; Sat, 7 Feb 2009 11:09:37 +0000 (UTC) From: Martti Kuparinen Subject: CVS commit: pkgsrc/www/mediawiki To: pkgsrc-changes@NetBSD.org Reply-To: martti@netbsd.org Message-Id: <20090207110937.7AA77175D0@cvs.netbsd.org> Date: Sat, 7 Feb 2009 11:09:37 +0000 (UTC) Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes Precedence: list Module Name: pkgsrc Committed By: martti Date: Sat Feb 7 11:09:37 UTC 2009 Modified Files: pkgsrc/www/mediawiki: Makefile PLIST distinfo Log Message: Updated www/mediawiki to 1.13.4 A number of cross-site scripting (XSS) security vulnerabilities were discovered in the web-based installer (config/index.php). These vulnerabilities all require a live installer -- once the installer has been used to install a wiki, it is deactivated. Note that cross-site scripting vulnerabilities can be used to attack any website in the same cookie domain. So if you have an uninstalled copy of MediaWiki on the same site as an active web service, MediaWiki could be used to attack the active service. If you are hosting an old copy of MediaWiki that you have never installed, we advise you to remove it from the web. To generate a diff of this commit: cvs rdiff -r1.3 -r1.4 pkgsrc/www/mediawiki/Makefile cvs rdiff -r1.2 -r1.3 pkgsrc/www/mediawiki/PLIST \ pkgsrc/www/mediawiki/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.