CVE-2012-2698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2698): Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.8.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. @web-apps, Christian: may we stabilize =www-apps/mediawiki-1.18.4 ?
(In reply to comment #0) > @web-apps, Christian: may we stabilize =www-apps/mediawiki-1.18.4 ? I think we can just stabilize mediawiki-1.19.1 instead.
(In reply to comment #1) > (In reply to comment #0) > > @web-apps, Christian: may we stabilize =www-apps/mediawiki-1.18.4 ? > > I think we can just stabilize mediawiki-1.19.1 instead. Thanks, Tim. Arches, please test and mark stable: =www-apps/mediawiki-1.19.1 Target Keywords: "amd64 ppc x86"
x86 stable
amd64 stable
ppc done
Thanks, everyone. Closing noglsa for XSS.