www-apps/mediawiki-1.4.6 version/security bump 1.4.6 released 2005-07-07: Stable series security and bugfix release MediaWiki 1.4.6 is a bug fix and security update release. Incorrect escaping of a parameter in the page move template could be used to inject JavaScript code by getting a victim to visit a maliciously constructed URL. Users of vulnerable releases are recommended to upgrade to this release. Vulnerable versions: * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 * 1.3 legacy series: not vulnerable This release also includes fixes for some rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some template limitations introduced in 1.4.5.
www-apps please bump.
trapni?
*mediawiki-1.4.7 (16 Jul 2005) 16 Jul 2005; Christian Parpart <trapni@gentoo.org> +mediawiki-1.4.7.ebuild: version bump
Thx, this one is ready for GLSA vote. I tend to vote YES (prior GLSAs).
agreed, 1/2 vote for a GLSA from me too
Go GLSA go
arrrr! sorry, I missed you :)
GLSA 200507-18