From ${URL} :

Description

Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.

1) An error during SVG parsing can be exploited to disclose contents of certain local files. This vulnerability can be exploited to execute arbitrary commands if expect:// handling is enabled.

2) An error within Special:Import and Extension:RSS when parsing XML entities can potentially be exploited to e.g. disclose contents of certain local files.

The vulnerabilities are reported in versions prior to 1.20.4 and 1.19.5.

Solution

Update to version 1.20.4 or 1.19.5.

Provided and/or discovered by

1) The vendor credits Daniel Franke.
2) Reported by the vendor.

Original Advisory

http://www.gossamer-threads.com/lists/wiki/mediawiki-announce/350229

@maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not
Again, do NOT mark things CONFIRMED when your script doesn't set a whiteboard.

*** This bug has been marked as a duplicate of bug 466124 ***
(In reply to comment #1)
> Again, do NOT mark things CONFIRMED when your script doesn't set a
> whiteboard.
>
> *** This bug has been marked as a duplicate of bug 466124 ***

strike that. new bugzilla statuses--