CVE-2010-1647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1647): Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
CVE-2010-1648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1648): Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.
What do we need to do to get MediaWiki 1.15.4 into the tree? That will address this bug and bug 316701. 1.15.4 has been out since late May.
1.15.5 out since 7/28/2010.
Buuuuuuuuuuump. If no one cares about this packet, maybe we should remove it from the tree?
(In reply to comment #4)
> Buuuuuuuuuuump.
> If no one cares about this packet, maybe we should remove it from the tree?
I've added mediawiki-1.15.5 to the tree.
Arches please test and mark stable =www-apps/mediawiki-1.15.5. Target keywords: amd64, ppc, sparc, x86
amd64/x86 stable
ppc done
sparc stable
Thanks, folks. Closing noglsa for XSS.