Advisories » MGASA-2013-0221

Updated mediawiki packages fix security vulnerability

Publication date: 21 Jul 2013
Modification date: 21 Jul 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2114

Description

MediaWiki user Marco discovered that security checks for file uploads were
not being run when the file was uploaded in chunks through the API. This
option has been available to users who can upload files since MediaWiki
1.19 (CVE-2013-2114).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10784
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-May/000131.html
• https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2114

SRPMS

3/core

• mediawiki-1.20.6-1.2.mga3