1) CVE-2020-10960 Description: "In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS)." "SECURITY: jquery.makeCollapsible allows applying event handler to any CSS selector." Bug: https://phabricator.wikimedia.org/T246602 2) CVE-2020-10959 Description: "User content can redirect the logout button to different URL" Bug: https://phabricator.wikimedia.org/T232932 3) XSS on Special:UserRights Description: "SECURITY: Fix HTML escaping in UserGroupMembership::getLink()." Bug: https://phabricator.wikimedia.org/T236509
@maintainer(s), please advise if ready for stabilisation, or call yourself.
Thanks!
amd64 stable
ppc stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3aab280b1d8d344e9067c17352eab7c2bad5cdca commit 3aab280b1d8d344e9067c17352eab7c2bad5cdca Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-04-12 04:37:49 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-04-12 04:37:49 +0000 www-apps/mediawiki: removed old vulnerable 1.34.0 Bug: https://bugs.gentoo.org/716752 Package-Manager: Portage-2.3.98, Repoman-2.3.22 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 - www-apps/mediawiki/mediawiki-1.34.0.ebuild | 79 ------------------------------ 2 files changed, 80 deletions(-)
Resetting sanity check; package list is empty or all packages are done.
I think we can classify these as XSS, so noglsa. @robbat2, can you verify wiki.*'s fork isn't vulnerable to these?
