Upstream has announced version 1.23.16 on April 6:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated mediawiki packages fix security vulnerabilities:

API parameters may now be marked as "sensitive" to keep their values out of the logs (CVE-2017-0361).

"Mark all pages visited" on the watchlist now requires a CSRF token (CVE-2017-0362).

Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364).

XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365).

SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366).

Escape content model/format url parameter in message (CVE-2017-0368).

Sysops can undelete pages, although the page is protected against it (CVE-2017-0369).

Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter (CVE-2017-0370).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0370
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
========================

Updated packages in core/updates_testing:
========================
mediawiki-1.23.16-1.mga5
mediawiki-mysql-1.23.16-1.mga5
mediawiki-pgsql-1.23.16-1.mga5
mediawiki-sqlite-1.23.16-1.mga5

from mediawiki-1.23.16-1.mga5.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki
Whiteboard: (none) => has_procedure
Whiteboard: has_procedure => has_procedure advisory
CC: (none) => davidwhodgins
Testing complete on Mageia 5 i586 using the procedure from http://webcache.googleusercontent.com/search?q=cache:TCVt850hKyMJ:https://wiki.mageia.org/en/QA_procedure:Mediawiki%2Bmageia+QA_procedure:Mediawiki&num=100&client=opera&hs=cDE&channel=suggest&hl=en&ct=clnk Testing x86_64 shortly.
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-32-OK
Validating the update.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory MGA5-32-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0110.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED