Reproduction instructions for the XSS are included in the original bug report: https://phabricator.wikimedia.org/T347726

Fixes are in 1.39.6 and 1.40.2 according to URL, please stabilize.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1c7587e5cde9b327dca8945dd1e0f445598aff0

commit b1c7587e5cde9b327dca8945dd1e0f445598aff0
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-12-22 10:02:18 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-12-22 10:02:36 +0000

    www-apps/mediawiki: dropped obsolete and vulnerable 1.39.5 & 1.40.1

    Bug: https://bugs.gentoo.org/920511
    Bug: https://bugs.gentoo.org/920504
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-apps/mediawiki/Manifest                |  2 -
 www-apps/mediawiki/mediawiki-1.39.5.ebuild | 90 -----------------------------
 www-apps/mediawiki/mediawiki-1.40.1.ebuild | 92 ------------------------------
 3 files changed, 184 deletions(-)
The tree is clean now, you can proceed.