I know that version 1.3.10 is already in portage, but there is also the 1.3.9 version ---------------------- Description: A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. Successful exploitation requires user to be authenticated. Solution: Update to version 1.3.10. http://sourceforge.net/project/showfiles.php?group_id=34373
InCVS and ready to fly. Security, please vote on GLSA need. "Successful exploitation requires user to be authenticated." --> I vote NO.
I vote NO. web-apps please remove old vulnerable ebuilds.
done in GLSA 200502-33