Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#44489 - [mediawiki] multiple security issues in the current version

Attached to Project: Community Packages
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 15:56 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 09 April 2015, 21:31 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No


There are multiple security issues in the current mediawiki version:

CVE-2015-2931 CVE-2015-2932 CVE-2015-2933 CVE-2015-2934 CVE-2015-2935 CVE-2015-2936 CVE-2015-2937 CVE-2015-2938 CVE-2015-2939 CVE-2015-2940 CVE-2015-2941 CVE-2015-2942

The most vulnerabilities are XSS and Dos. But there is one privilege escalation too.

====== overview over all CVEs

best regards

Christian Rebischke

Achlinux CVE monitoring team
This task depends upon

Closed by  Levente Polyak (anthraxx)
Thursday, 09 April 2015, 21:31 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Already fixed in mediawiki 1.24.2-1 as also mentioned in the oss-sec thread.