Upstream has announced version 1.23.15 on August 23:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated mediawiki packages fix security vulnerabilities:

Check read permission when loading page content in ApiParse (CVE-2016-6331)
Make blocks log users out if $wgBlockDisablesLogin is true (CVE-2016-6332)
Make $wgBlockDisablesLogin also restrict logged in permissions (CVE-2016-6332)
Require login to preview user CSS pages (CVE-2016-6333)
Escape '<' and ']]>' in inline <style> blocks (CVE-2016-6333)
XSS in unclosed internal links (CVE-2016-6334)
API: Generate head items in the context of the given title (CVE-2016-6335)
Do not allow undeleting a revision deleted file if it is the top file (CVE-2016-6336)

The mediawiki package has been updated to version 1.23.15, which contains the above fixes.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6336
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
========================

Updated packages in core/updates_testing:
========================
mediawiki-1.23.15-1.mga5
mediawiki-mysql-1.23.15-1.mga5
mediawiki-pgsql-1.23.15-1.mga5
mediawiki-sqlite-1.23.15-1.mga5

from mediawiki-1.23.15-1.mga5.src.rpm

Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki
Whiteboard: (none) => has_procedure
Tested on Mageia 5 i586, under VirtualBox
Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure advisory MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0305.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED