FEDORA-2018-e022ecbc52 created by mooninite a year ago for Fedora 28
stable

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3

  • (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'.

  • (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.

  • (T180551) Fix LanguageSrTest for language converter

  • (T180552) Fix langauge converter parser test with self-close tags
  • (T180537) Remove $wgAuth usage from wrapOldPasswords.php
  • (T180485) InputBox: Have inputbox langconvert certain attributes
  • (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
  • (T172927) Drop vendor from MW release branch
  • (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
  • Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
  • (T189567) the CLI installer (maintenance/install.php) learned to detect and include extensions. Pass --with-extensions to enable that feature.

  • (T182381) Mask deprecated call in WatchedItemUnitTest

  • (T190503) Let built-in web server (maintenance/dev) handle .php requests.
  • The karma qunit tests would fail on some configuration due to headers already sent. Check headers_sent() before sending cpPosTime headers

  • (T167507) selenium: Run Chrome headlessly.

  • selenium: Pass -no-sandbox to Chrome under Docker
  • (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead @
  • (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.

  • (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().

  • (T179190) selenium: Move test running logic from package.json to selenium.sh.
  • (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
  • Add default edit rate limit of 90 edits/minute for all users.
  • (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
  • (T196672) The mtime of extension.json files is now able to be zero
  • (T180403) Validate $length in padleft/padright parser functions.
  • (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
  • (T194237) Special:BotPasswords now requires reauthentication.
  • (T191608, T187638) Add 'logid' parameter to Special:Log.
  • (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
  • (T193829) Indicate when a Bot Password needs reset.
  • (T151415) Log email changes.
  • (T118420) Unbreak Oracle installer.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-e022ecbc52
This update has been submitted for testing by mooninite. a year ago
This update has been pushed to testing. a year ago
User Icon imabug provided feedback a year ago
karma
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes a year ago
This update has been submitted for batched by mooninite. a year ago
This update has been submitted for stable by mooninite. a year ago
This update has been pushed to stable. a year ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1634162 CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all]
0
0
BZ#1634167 CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock [fedora-all]
0
0
BZ#1634170 CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]
0
0

Automated Test Results