The MediaWiki 1.19.20, 1.22.12, and 1.23.5 releases fix the following security issue: "(bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance." References: https://bugzilla.wikimedia.org/show_bug.cgi?id=70672 https://gerrit.wikimedia.org/r/#/c/164271/ https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1148676] Affects: epel-5 [bug 1148677]
Created mediawiki119 tracking bugs for this issue: Affects: epel-5 [bug 1148678] Affects: epel-6 [bug 1148679]
CVE request: http://seclists.org/oss-sec/2014/q4/60
MITRE assigned CVE-2014-7295 to this issue: http://seclists.org/oss-sec/2014/q4/67
mediawiki-1.23.5-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.23.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.23.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki119-1.19.20-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Fixed previously