Bugzilla Bug 127971

Hello

mediawiki shoud be upgraded in the portage with the followings versions
- 1.5.8
- 1.4.15
- 1.3.18

As described on the homepage (http://www.mediawiki.org/wiki/MediaWiki) there
some html/xss injections.

Older versions may be removed from the portage ?

hi web-apps, do you want to provide an ebuild for 1.4.15 or should we go for a
stable marking of 1.5.8?

I'd vote for both.

Although, I already bumped 1.5.8 as it came out, but I must have missed the
1.4.15 release.

1.4.15 is in the tree now as well. thanks for the notice :)

(I do not close this bug as it's kinda security-assigned, so please do so if
you feel fine with all)

arches, please test and mark 1.4.15 or 1.5.8 stable, thank you.

trapni, please dont bump security bugs directly to stable. Would you or
somebody from the arches team please remove the stable keywords for any arch
this wasnt tested on? Thanks.

um, yeah, okay - as it was a security (bugfix only) release, and 1.4.14 were
already marked stable I didn't mind in unstable-marking them all.

For amd64 I could speak that it runs just fine for the 1.5.x line as I'm using
it in production since it's out (w/o any problems so far).

Well, it looks like 1.4.15 is already stable on x86.

trapni: as stated, in the future please don't bump stuff straight to stable.

Removing SPARC as 1.4.15 works and was already keyworded stable

trapni is in the amd64 team, so that works with me

CVE-2006-1498

Bad Product/component

1.4.15 tested and found ok on ppc, so the ppc keyword can stay. 

ready for glsa decision. weak yes here, mainly because we issued GLSAs for XSS
in mediawiki in the past.

(In reply to comment #12)
> ready for glsa decision. weak yes here, mainly because we issued GLSAs for XSS
> in mediawiki in the past.
> 

Last one was on 2005-07-20, AFAIK.

Vote 0.5 yes.

Tend to vote YES on this one.

XSS and injection in publically-writeable websites (forums, wikis...) is evil.
So I vote yes.

GLSA 200604-01

Thanks everybody.