The MediaWiki 1.23.7, 1.22.14, and 1.19.22 releases fix a number of security flaws: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html The fixed versions are already in Fedora and EPEL 6 testing.
Created mediawiki119 tracking bugs for this issue: Affects: epel-5 [bug 1170031]
CVE request: http://seclists.org/oss-sec/2014/q4/886
MITRE assigned CVE-2014-9276 and CVE-2014-9277 to these issues: http://seclists.org/oss-sec/2014/q4/905
MITRE has assigned CVE-2014-9507 to the following issue: MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. Reference: CONFIRM:https://phabricator.wikimedia.org/T72901
Fixed previously