Hello, mediawiki should be upgraded in the portage with the following versions: 1.5.8, 1.4.15, 1.3.18. As described on the homepage (http://www.mediawiki.org/wiki/MediaWiki), there are some HTML/XSS injections. Older versions may be removed from the portage?
hi web-apps, do you want to provide an ebuild for 1.4.15 or should we go for a stable marking of 1.5.8?
I'd vote for both. Although, I already bumped 1.5.8 as it came out, but I must have missed the 1.4.15 release. 1.4.15 is in the tree now as well. thanks for the notice :) (I do not close this bug as it's kinda security-assigned, so please do so if you feel fine with all)
arches, please test and mark 1.4.15 or 1.5.8 stable, thank you.
trapni, please don't bump security bugs directly to stable. Would you or somebody from the arches team please remove the stable keywords for any arch this wasn't tested on? Thanks.
um, yeah, okay - as it was a security (bugfix only) release, and 1.4.14 were already marked stable I didn't mind in unstable-marking them all. For amd64 I could speak that it runs just fine for the 1.5.x line as I'm using it in production since it's out (w/o any problems so far).
Well, it looks like 1.4.15 is already stable on x86. trapni: as stated, in the future please don't bump stuff straight to stable.
Removing SPARC as 1.4.15 works and was already keyworded stable
trapni is in the amd64 team, so that works with me
CVE-2006-1498
Bad Product/component
1.4.15 tested and found ok on ppc, so the ppc keyword can stay.
ready for glsa decision. weak yes here, mainly because we issued GLSAs for XSS in mediawiki in the past.
(In reply to comment #12)
> ready for glsa decision. weak yes here, mainly because we issued GLSAs for XSS
> in mediawiki in the past.
Last one was on 2005-07-20, AFAIK. Vote 0.5 yes.
Tend to vote YES on this one.
XSS and injection in publicly-writable websites (forums, wikis...) is evil. So I vote yes.
GLSA 200604-01 Thanks everybody.