Upstream has announced version 1.23.5 on October 1: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html I haven't seen a CVE request yet. I'll hold off on an advisory for now, so see the upstream one. I've checked it into SVN for Mageia 3, Mageia 4, and Cauldron, and sent a freeze push request. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
CVE request: http://www.openwall.com/lists/oss-security/2014/10/02/29 I've pushed this to the build system and the previous update isn't pushed, so we'll have to handle QA testing it in the other bug (Bug 14182).
Depends on: (none) => 14182
Depends on: 14182 => (none)
Actually I'll just mark this as a duplicate. *** This bug has been marked as a duplicate of bug 14182 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE