A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to api.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability affects users of Microsoft Internet Explorer only. Successful exploitation requires that the API interface is enabled. The vulnerability is reported in the following versions: * 1.11 <= 1.11.0rc1 * 1.10 <= 1.10.2 * 1.9 <= 1.9.4 * 1.8 any version (if $wgEnableAPI has been switched on) Solution: Update to version 1.11.1, 1.10.3, or 1.9.5.
maintainers - please provide an updated ebuild
I will provide it as soon as I can, I am currently rebuilding my home system and don't have the ressource to make it right now. I hope Ill be able to sort this out by Monday.
Cleaned-up 1.1.11 ebuild commited to webapps overlay [1], fixed postinstall instructions etc. I didn't bump other versions since I simply wish all the legacy bloat would go to /dev/null. We really don't need 5 different branches of this in the tree. [1] http://overlays.gentoo.org/svn/proj/webapps/migration/www-apps/mediawiki/
Could we get a fixed version in the tree?
I agree with Jakub on the other branches. I reduced the packge to the highest stable version and the newer mediawiki-1.11.1. Target archs: amd64 ppc sparc x86 I'll remove mediawiki-1.8.5 once mediawiki-1.11.1 is stable on the archs mentioned above.
Sorry, to say my system is still down, I got 2 broken processors back to back. The only important version is 1.6.x as it can be used with older php versions, but I do think it is time for that one to die. It was my plan to kill all 1.7 1.8 1.9 1.10 as soon as this new system start working for more than 10 minutes at a time. Thank you for doing the job this time.
x86 stable and added RESTRICT="test" as they don't work (with jakubs permission).
Rerating as B since we're marking stable.
ppc stable
sparc stable
amd64 stable
This one is ready for GLSA vote. I tend to vote NO.
This bug was fixed in release snapshot.
NO, and closed.