This is a security and bugfix release of MediaWiki 1.15.1 and 1.14.1. A cross-site scripting (XSS) vulnerability was discovered in [[Special:Block]]. Only versions 1.14.0, 1.15.0 and release candidates for those releases are affected. Cross-site scripting vulnerabilities allow an unprivileged attacker to gain administrator access to the wiki by tricking an administrator into viewing a page which emits a malicious script. The malicious script may also be able to gain privileged access to other applications on the same domain. Other changes in these releases: 1.15.1: * Fixed fatal errors for unusual file repository configurations, such as ForeignAPIRepo. * Fixed the "change password" link on Special:Preferences to have the correct returnto parameter. 1.14.1: * (bug 17737) Fixed russian URLs for Special:BookSources * (bug 17713) Using links with only an anchor no longer add an dummy entry in the pagelinks table * (bug 17897) Fixed string offset error in <pre> tags * (bug 17832) Fixed action=delete returning 'unknownerror' instead of 'permissiondenied' when the user is blocked * Fixed performance regression when accessing deleted (archived) files
Only the 1.14.0 in testing is affected.
1.14 was stable on ppc, so... Arches, please test and mark stable: =www-apps/mediawiki-1.14.1 Target keywords : "ppc"
ppc stable
glsa: no
no, too. Closing.