CVE-2010-1150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1150): MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.
I added mediawiki-1.15.5 to the tree a couple days ago which has fixes for this issue.
A fixed package was stabilized via bug 366685. GLSA Vote: no.
no too, and closing.