From: Matthias Scheler
Subject: CVS commit: [pkgsrc-2008Q4] pkgsrc/www/mediawiki
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
Message-Id: <20090207195633.4C5A8175D0@cvs.netbsd.org>
Date: Sat, 7 Feb 2009 19:56:33 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes
Precedence: list

Module Name:    pkgsrc
Committed By:   tron
Date:           Sat Feb 7 19:56:33 UTC 2009

Modified Files:
        pkgsrc/www/mediawiki [pkgsrc-2008Q4]: Makefile PLIST distinfo

Log Message:
Pullup ticket #2690 - requested by martti
mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile        1.4
- www/mediawiki/PLIST           1.3
- www/mediawiki/distinfo        1.3
---
Module Name:    pkgsrc
Committed By:   martti
Date:           Sat Feb 7 11:09:37 UTC 2009

Modified Files:
        pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Updated www/mediawiki to 1.13.4

A number of cross-site scripting (XSS) security vulnerabilities were
discovered in the web-based installer (config/index.php).

These vulnerabilities all require a live installer -- once the installer
has been used to install a wiki, it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack any
website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be
used to attack the active service.

If you are hosting an old copy of MediaWiki that you have never installed,
we advise you to remove it from the web.


To generate a diff of this commit:
cvs rdiff -r1.3 -r1.3.2.1 pkgsrc/www/mediawiki/Makefile
cvs rdiff -r1.2 -r1.2.2.1 pkgsrc/www/mediawiki/PLIST \
    pkgsrc/www/mediawiki/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
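
The log message above advises removing never-installed MediaWiki copies from the web. The following is an added example, not part of the commit mail or of pkgsrc or MediaWiki, showing one way to audit a document root for such copies. The function name is hypothetical, and two things are assumptions: that an installed wiki has LocalSettings.php in the top of its tree, and that includes/DefaultSettings.php is a usable marker for a MediaWiki tree.

```shell
#!/bin/sh
# Added example: list MediaWiki trees under a web root whose web-based
# installer (config/index.php) may still be live.
#
# Assumptions (not stated in the commit mail):
#   - a tree counts as "installed" when LocalSettings.php sits in its top
#     directory;
#   - a tree counts as MediaWiki when includes/DefaultSettings.php exists.

find_live_installers() {
    root=$1
    # Every config/index.php below the root is a candidate installer.
    find "$root" -type f -path '*/config/index.php' 2>/dev/null | sort |
    while IFS= read -r installer; do
        # Top of the tree is the parent of the config/ directory.
        top=$(dirname "$(dirname "$installer")")

        # Skip unrelated applications that also ship config/index.php.
        [ -f "$top/includes/DefaultSettings.php" ] || continue

        # Installed wiki: treated here as installer already deactivated.
        if [ -f "$top/LocalSettings.php" ]; then
            continue
        fi

        # Never-installed copy: report it for removal from the web.
        printf '%s\n' "$top"
    done
}

# Stand-alone use: pass the document root as the first argument.
if [ "$#" -gt 0 ]; then
    find_live_installers "$1"
fi
```

Each reported path is a candidate for removal from the web server, or for an upgrade to the fixed release if it is meant to be installed.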