announcement of the release of MediaWiki 1.22.2, 1.21.5 and
1.19.11.
Your MediaWiki installation is affected by a remote code execution
vulnerability if you have enabled file upload support for DjVu (natively
supported by MediaWiki) or PDF files (in combination with the PdfHandler
extension). Neither file type is enabled by default in MediaWiki
installations. If you are affected, we strongly urge you to update
immediately.
Affected supported versions: All
SOURCE:
http://lists.wikimedia.org/pipermail/me ... 00140.html