* (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
Ready?
yes
ppc stable
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0b4ec45bfca69e7a9ef9d1ae5cf32bf051b1724 commit d0b4ec45bfca69e7a9ef9d1ae5cf32bf051b1724 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-10-09 11:51:59 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-10-09 11:51:59 +0000 www-apps/mediawiki: removed obsolete and vulnerable 1.34.2 Bug: https://bugs.gentoo.org/745438 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 - www-apps/mediawiki/mediawiki-1.34.2.ebuild | 86 ------------------------------ 2 files changed, 87 deletions(-)
Unable to check for sanity: > no match for package: www-apps/mediawiki-1.34.4
GLSA Vote: No Repository is clean, all done!