http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES 1.11.* is not affected, so we only need bumps for the ~-versions.
*** Bug 239488 has been marked as a duplicate of this bug. ***
Impact: XSS Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
mediawiki 1.12.1 and 1.13.2 are in the tree. Affected versions removed. Done.
thanks, closing then.