MediaWiki 1.17.2 and 1.18.1 were released to correct a security flaw in its API where prop=revisions would expose deleted text to unprivileged users through cache pollution. MediaWiki 1.16 is no longer supported upstream, but this flaw does seem to affect that version, as per the code changes (r108682).

References:
https://www.mediawiki.org/wiki/Special:Code/MediaWiki/108682
https://bugzilla.wikimedia.org/show_bug.cgi?id=33117
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_17_2/phase3/RELEASE-NOTES

Created mediawiki tracking bugs for this issue. Affects: fedora-all [bug 773741]
Created mediawiki116 tracking bugs for this issue. Affects: epel-all [bug 773742]
This has been assigned the name CVE-2012-0046: http://www.openwall.com/lists/oss-security/2012/01/12/8