Crap, another XSS issue in the latest MediaWiki. (~arched) Please update to the 1.6.7 version, thanks in advance. 1.4 branch (stable) seems unaffected, but I can't confirm since the vuln is "unspecified" from Secunia SA 20458.
If we quote their own text, "The vulnerability has been reported in versions 1.6.0 through 1.6.6." Any test we could do to verify this? I will create the new ebuild within the next 8 hours.
Interestingly enough, it works again with a simple version bump... The problem is I cannot find an MD5 on their site to confirm it is the right one I downloaded. I don't know if this is something we should complain about? Anyway, 1.6.7 is in the world of Gentoo. I am quite sure it is the right one.
Thanks again for the fastness, it's really great :). I'll let your team check if everything is right.
>>> Emerging (1 of 1) www-apps/mediawiki-1.6.7 to /
>>> checking ebuild checksums ;-)
>>> checking auxfile checksums ;-)
>>> checking miscfile checksums ;-)
>>> checking mediawiki-1.6.7.tar.gz
!!! Digest verification failed:
!!! /usr/portage/distfiles/mediawiki-1.6.7.tar.gz
!!! Reason: Filesize does not match recorded size
!!! Got: 2728980
!!! Expected: 12208
For some reason, I installed the right tarball, but my overlay got the webpage linking to it. Committed, and it should be fixed with the right file.
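
The digest failure in this thread (a web page recorded in place of the tarball, per the last comment) can be caught before a digest is committed. The following is an added example, not part of the original thread and not portage code: a hypothetical `check_distfile` shell function that checks the gzip magic bytes, the file size, and optionally a SHA-256 value you supply from a trusted source.

```shell
#!/bin/sh
# Added example (not from the thread, not portage code).
# check_distfile FILE EXPECTED_SIZE [EXPECTED_SHA256]
# Return codes: 0 ok, 1 size mismatch, 2 not gzip data,
#               3 sha256 mismatch, 4 file missing.
check_distfile() {
    cd_file=$1
    cd_size=$2
    cd_sha=${3:-}

    [ -f "$cd_file" ] || { echo "missing: $cd_file" >&2; return 4; }

    # A .tar.gz must begin with the gzip magic bytes 1f 8b. An HTML
    # download page saved under the tarball's name starts with text.
    cd_magic=$(od -An -tx1 -N2 "$cd_file" | tr -d ' \n')
    if [ "$cd_magic" != "1f8b" ]; then
        echo "not gzip data (first bytes: $cd_magic): $cd_file" >&2
        return 2
    fi

    # Same comparison portage reports as "Filesize does not match".
    cd_got=$(wc -c < "$cd_file" | tr -d ' ')
    if [ "$cd_got" != "$cd_size" ]; then
        echo "size mismatch: got $cd_got, expected $cd_size" >&2
        return 1
    fi

    # Optional: compare against a checksum obtained out of band.
    if [ -n "$cd_sha" ]; then
        cd_gotsha=$(sha256sum "$cd_file" | cut -d' ' -f1)
        if [ "$cd_gotsha" != "$cd_sha" ]; then
            echo "sha256 mismatch: $cd_file" >&2
            return 3
        fi
    fi
    return 0
}
```

The size and magic checks only catch a wrong or truncated download; confirming that the tarball is the one upstream released still needs a checksum or signature published by upstream.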