Fedora 21 Security Update: mediawiki-1.24.1-1.fc21

Resolved Bugs
1175828 – mediawiki: multiple vulnerabilities
1175829 – mediawiki: multiple vulnerabilities [fedora-all]<br
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.rn* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.rn* (bug T74222) The original patch for T74222 was reverted as unnecessary.rn* Fixed a couple of entries in RELEASE-NOTES-1.24.rn* (bug T76168) OutputPage: Add accessors for some protected properties.rn* (bug T74834) Make 1.24 branch directly installable under PostgreSQL.

Leave a Reply