MDVSA-2014:198: mediawiki

Updated mediawiki packages fix security vulnerability:

MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199).

MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to
JavaScript injection via user-specificed CSS in certain special pages
(CVE-2014-7295).

007 Software

MDVSA-2014:198: mediawiki

Software and Security Information