If a user is blocked with the "Hide username from edits and lists" option selected, and another administrator attempted to reblock the same user, then the block reason was shown to the second administrator even if they lacked the hideuser right.
This was fixed in the attached patch, to be included with the release of MediaWiki 1.19.2 and 1.18.5.
Administrators are advised to avoid placing private data in block reasons. If a block reason does contain private data, the user should be reblocked with a non-private block reason and the original log entry suppressed.
Version: 1.19.1
Severity: normal