From secunia security advisory at $URL:
The weakness is caused due to an error within the "execute()" function (includes/api/ApiQueryRevisions.php), which discloses old revision content and can be exploited to disclose deleted cached content by diffing to a hidden revision.
Successful exploitation requires that the content is cached by a caching server.
The weakness is reported in versions prior to 1.18.1 and 1.17.2.
Update to version 1.18.1 or 1.17.2.
1.18.1 added to CVS.
(In reply to comment #1)
> 1.18.1 added to CVS.
Arches, please test and mark stable:
target KEYWORDS : "amd64 ppc sparc x86"
x86 stable. Thanks
sparc keywords dropped
ppc done; closing as last arch
@security, please vote
Thanks, folks. GLSA Vote: no.
Vote: no, too. Closing [noglsa].