Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4408 to the following vulnerability: Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component. References: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES http://openwall.com/lists/oss-security/2008/10/02/3
mediawiki-1.13.2-41.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.13.2-40.99.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Why didn't bodhi close this automatically?
Because it treats bugs filed against 'Security Response' product in a special way. Those bugs are used to track security issues across all "products", both Fedora and Red Hat products, so bodhi currently does not have a good way to know if there is still some product where this flaw needs to be addressed. So it's intentional.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-8678 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-8639