+++ This bug was initially created as a clone of Bug #508976 +++ == Security == * (bug 65839) SECURITY: Prevent external resources in SVG files. URLs not yet available.
worst consequence of this is possible pingback, so maybe it doesn't even qualify as B4 also, afaict, firefox doesn't load these anyways: https://bugzilla.mozilla.org/show_bug.cgi?id=628747
*mediawiki-1.23.1 (26 Jun 2014) *mediawiki-1.22.8 (26 Jun 2014) *mediawiki-1.21.11 (26 Jun 2014) *mediawiki-1.19.17 (26 Jun 2014) 26 Jun 2014; Tim Harder <radhermit@gentoo.org> +mediawiki-1.19.17.ebuild, +mediawiki-1.21.11.ebuild, +mediawiki-1.22.8.ebuild, +mediawiki-1.23.1.ebuild: Security bumps (bug #515138).
Looks like this issue will likely not get a CVE due to this [1] correspondence. With that being said, I will add this bug to the GLSA just to be safe. [1] http://www.openwall.com/lists/oss-security/2014/06/27/18
This issue was resolved and addressed in GLSA 201502-04 at http://security.gentoo.org/glsa/glsa-201502-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).