From $URL: Tomorrow we will be issuing a security and maintenance release to all supported branches of MediaWiki. The new releases will be: - 1.31.11 - 1.35.1 This will resolve 5 issues in MediaWiki core (1 of which isn't applicable to MediaWiki 1.31 at all), and also includes some fixes previously committed to git, including minor security and hardening patches along with bug fixes included for maintenance reasons. (Tomorrow is 20201216)
1.31.11 and 1.35.1 are released: * (T268894, CVE-2020-35474) SECURITY: Message recentchanges-legend-watchlistexpiry can contain raw html. * (T268917, CVE-2020-35475) SECURITY: Messages userrights-expiry-current and userrights-expiry-none can contain raw html. * (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html. * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage. * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and user pages of hidden users and missing users. Please bump to 1.35.1.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eca29da12d5a6f6a26c84e7272e12f680b23d42f commit eca29da12d5a6f6a26c84e7272e12f680b23d42f Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-12-18 10:47:04 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-12-18 10:47:04 +0000 www-apps/mediawiki: bump to 1.35.1 Bug: https://bugs.gentoo.org/760414 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 + www-apps/mediawiki/mediawiki-1.35.1.ebuild | 86 ++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+)
feel free to request package stabilization if needed
(In reply to Miroslav Šulc from comment #3) > feel free to request package stabilization if needed Thanks!
amd64 done
x86 stable
ppc done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55a85ea6c92ee7ecacad8d85096e5896c6554860 commit 55a85ea6c92ee7ecacad8d85096e5896c6554860 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-12-22 13:17:16 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-12-22 13:17:16 +0000 www-apps/mediawiki: removed obsolete & vulnerable 1.35.0 Bug: https://bugs.gentoo.org/760414 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 - www-apps/mediawiki/mediawiki-1.35.0.ebuild | 86 ------------------------------ 2 files changed, 87 deletions(-)
the cree is clean now, you can proceed
(In reply to Miroslav Šulc from comment #10) > the cree is clean now, you can proceed Thanks! All done.
