From ${URL} : https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html
* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Newer releases fixing another security issue are in the tree. Arches, please stabilize:
=www-apps/mediawiki-1.19.20
=www-apps/mediawiki-1.22.12
=www-apps/mediawiki-1.23.5
amd64 stable
x86 stable
ppc stable. Maintainer(s), please clean up. Security, please vote.
Adding to existing GLSA draft.
CVE-2014-7199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7199): Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.
This issue was resolved and addressed in GLSA 201502-04 at http://security.gentoo.org/glsa/glsa-201502-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).