Page MenuHomePhabricator

Yorick (Yorick)
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Feb 21 2017, 9:45 PM (129 w, 6 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Yorickk [ Global Accounts ]

Recent Activity

Apr 30 2017

Yorick added a comment to T164155: new minor release needed for syntaxhighlight.

Thanks for taking these actions @Bawolff

Apr 30 2017, 6:00 AM · Release, Security

Apr 28 2017

Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

Fair enough, although I kinda got that :). My point is that a lot of people will use the tarball and will not get the fix (if they update at all). The fix is for example also not in Debian's version (https://sources.debian.net/src/mediawiki/1:1.27.2-1/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php/).

Apr 28 2017, 4:23 PM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security
Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

@demon @Reedy how to proceed? The details of this issue are now public, yet the fix is not included in 1.28.1 & 1.27.2

Apr 28 2017, 6:49 AM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security

Apr 18 2017

Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

This issue is reported as fixed in 1.28.1 / 1.27.2, but I can't seem to find the fix.

Apr 18 2017, 8:25 AM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security