MediaWiki 1.16.3 corrected several security issues:
And from oss-security:
> 1) XSS with IE <= 6 due to improper handling of uploaded file names
> > 2) CSS validation error in wikitext parser
> > 3) transwiki import neglects to perform access control checks
Thanks for the quick bump. Unfortunately, the XSS fix was incomplete and 1.16.4 was released.
Bumped to 1.16.4 in CVS.
(In reply to comment #1)
> Bumped to 1.16.4 in CVS.
Great, thank you.
Arches, please test and mark stable:
Target keywords : "amd64 ppc sparc x86"
CVE assigned for incomplete fix per http://www.openwall.com/lists/oss-security/2011/04/18/5.
----- Original Message -----
> Looks as though Mediawiki 1.16.3 did not fully fix the CVE-2011-1578
> issue (XSS), so 1.16.4 has been released:
> Could a CVE name get assigned to this?
Please use CVE-2011-1587.
x86 stable. Thanks
Marked ppc stable.
amd64 done. Thanks Agostino
Thanks, everyone. GLSA Vote: no.
Vote: NO. Closing noglsa.