The MediaWiki 1.19.18, 1.22.9, and 1.23.2 releases fix the following security issues: "" * (bug 68187) SECURITY: Prepend jsonp callback with comment. * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked. * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. "" References: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1125112] Affects: epel-5 [bug 1125113]
Created mediawiki119 tracking bugs for this issue: Affects: epel-5 [bug 1125114] Affects: epel-6 [bug 1125115]
MITRE has assigned below CVEs to the issues: * (bug 68187) SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked. - CVE-2014-5242 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - CVE-2014-5243
mediawiki-1.23.2-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.23.2-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki119-1.19.20-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Fixed previously