Updated mediawiki packages fix security vulnerability
Publication date: 28 Apr 2014Modification date: 08 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2853
Description
Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action (CVE-2014-2853).
References
SRPMS
4/core
- mediawiki-1.22.6-1.mga4
3/core
- mediawiki-1.22.6-1.mga3