Arch Linux Security Advisory ASA-201512-15
Dec 25, 2015

mediawiki: multiple issues

Source: Arch Linux (lists.archlinux.org)
EPSS: 0.006 (Low), percentile 78.6%

  • CVE-2015-8622:

(T117899) XSS from wikitext when $wgArticlePath = '$1'. Internal review
discovered an XSS vector that is reachable when MediaWiki is configured
with this non-standard article path.

  • CVE-2015-8624:

(T119309) User::matchEditToken should use constant-time string
comparison. Internal review discovered that edit tokens were compared
with ordinary string equality, which returns as soon as a byte differs
and so leaks, through response timing, how much of the token an attacker
has already guessed correctly (a timing attack).

  • CVE-2015-8625:

(T118032) Error thrown by VirtualRESTService when a POST variable starts
with '@'. Internal review discovered that MediaWiki passed request
parameters to the curl library unsanitized. curl treats a POST value
beginning with '@' as the path of a file to upload, so a crafted request
could make the web server send its own files to an attacker.

  • CVE-2015-8626:

(T115522) Passwords generated by User::randomPassword() may be shorter
than $wgMinimalPasswordLength. MediaWiki user Frank R. Farmer reported
that the temporary password issued on password reset could be shorter
than the configured minimum password length.

  • CVE-2015-8627:

(T97897) Incorrect parsing of IP addresses for global blocks. Wikimedia
steward Vituzzu reported that blocking an IP address written with
zero-padded octets (for example 010.0.0.1 rather than 10.0.0.1) failed to
block that address.

  • CVE-2015-8628:

(T109724) A combination of Special:MyPage redirects and page view counts
allows an external site to learn the Wikipedia login of a user.
Wikimedia user Xavier Combelle reported a way to identify a user when
detailed page view data is also released.
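
The timing problem behind CVE-2015-8624, shown as an added example that is not MediaWiki's own code: a naive equality check beside a constant-time one, plus a portable fallback for PHP versions without hash_equals(). The function names, the token derivation and the use of random_bytes() are this example's assumptions.

```php
<?php
// Added example, not MediaWiki code: naive vs. constant-time token comparison.
// Function names and the token format are illustrative assumptions.

// Server side: derive the expected edit token from a per-session secret and
// the form it protects (the format is this example's own, not MediaWiki's).
function expectedEditToken($sessionSecret, $formName)
{
    return hash_hmac('sha256', $formName, $sessionSecret);
}

// VULNERABLE: `===` compares byte by byte (memcmp-style) and returns at the
// first mismatch, so the response time grows with the number of leading
// bytes the attacker has guessed correctly. Over many requests that lets
// the token be recovered one byte at a time. `==` would be worse still:
// loose comparison treats "0e12" and "0e34" as equal numeric strings.
function matchEditTokenNaive($expected, $supplied)
{
    return $expected === $supplied;
}

// FIXED: hash_equals() (PHP >= 5.6) compares every byte regardless of where
// the first difference is. It returns false at once on a length mismatch,
// which leaks only the token length, a public value anyway.
function matchEditTokenSafe($expected, $supplied)
{
    if (!is_string($supplied)) {
        return false; // refuse arrays, null and ints instead of juggling types
    }
    return hash_equals($expected, $supplied);
}

// Portable fallback for PHP < 5.6 (MediaWiki 1.26 still supported PHP 5.3):
// XOR every byte pair and OR the results, so the loop always runs to the end.
function constantTimeEquals($a, $b)
{
    if (!is_string($a) || !is_string($b) || strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    $len = strlen($a);
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Demo with a constructed session secret and an attacker's partial guess
// (first 8 hex digits right, the rest zero-filled).
$sessionSecret = bin2hex(random_bytes(32)); // PHP 7+; openssl_random_pseudo_bytes() on PHP 5
$expected = expectedEditToken($sessionSecret, 'editform');
$partialGuess = substr($expected, 0, 8) . str_repeat('0', strlen($expected) - 8);

var_dump(matchEditTokenNaive($expected, $partialGuess));
var_dump(matchEditTokenSafe($expected, $expected));
var_dump(matchEditTokenSafe($expected, $partialGuess));
var_dump(constantTimeEquals($expected, $partialGuess));
```

All three checks return the same booleans for the same inputs; the difference is only in how long a wrong answer takes, which is exactly what an attacker measuring the edit form's response time would exploit against the naive version.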
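
The curl '@' upload hazard behind CVE-2015-8625, as an added example that is not MediaWiki's code: the array-valued CURLOPT_POSTFIELDS form that triggers an implicit file upload, beside two ways to close it. The function names, the backend URL (a reserved .invalid host) and the attacker input are constructed for the example; no request is executed.

```php
<?php
// Added example, not MediaWiki code: the curl '@' upload hazard and two fixes.
// Function names and the target URL are illustrative; nothing is sent.

$endpoint = 'http://rest.example.invalid/transform'; // assumed backend URL

// Constructed attacker input: "text" should be wikitext, but the client
// supplied a value that looks like a curl file directive.
$userSuppliedParams = [
    'action' => 'transform',
    'text'   => '@/etc/passwd',
];

// VULNERABLE: passing an array makes PHP build a multipart/form-data body,
// and a value beginning with '@' is then read as "upload the file at this
// path" (always on PHP < 5.5; on 5.5/5.6 unless CURLOPT_SAFE_UPLOAD is on).
// The web server's /etc/passwd goes out in the request body.
function buildRequestVulnerable($url, array $params)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    return $ch;
}

// FIX 1 (works on every PHP version): encode the body yourself. A string
// body is sent verbatim as application/x-www-form-urlencoded, so '@' has
// no special meaning. This is the right choice when no upload is intended.
function encodePostBody(array $params)
{
    return http_build_query($params, '', '&');
}

function buildRequestEncoded($url, array $params)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, encodePostBody($params));
    return $ch;
}

// FIX 2 (PHP >= 5.5): keep a multipart body but switch the '@' magic off;
// intentional uploads must then use CURLFile. PHP 7 and later behave this
// way unconditionally, so the option only matters on 5.5/5.6.
function buildRequestSafeMultipart($url, array $params, $uploadPath = null)
{
    $ch = curl_init($url);
    if (defined('CURLOPT_SAFE_UPLOAD')) {
        curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    }
    if ($uploadPath !== null) {
        $params['file'] = new CURLFile($uploadPath); // explicit, never implicit
    }
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    return $ch;
}

// Show what each path hands to curl (no request is executed).
echo "vulnerable array value: ", $userSuppliedParams['text'], "\n";
echo "encoded string body:    ", encodePostBody($userSuppliedParams), "\n";
curl_close(buildRequestVulnerable($endpoint, $userSuppliedParams));
curl_close(buildRequestEncoded($endpoint, $userSuppliedParams));
curl_close(buildRequestSafeMultipart($endpoint, $userSuppliedParams));
```

The encoded body turns the leading '@' into %40, so it reaches the remote service as literal text. On the PHP 5.3 and 5.4 releases that MediaWiki 1.26 still supported, CURLOPT_SAFE_UPLOAD does not exist, so building a string body is the only fix that works everywhere.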
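
The parsing mismatch behind CVE-2015-8627, as an added example that is not MediaWiki's code: a strict IPv4 canonicaliser and a block check that compares canonical forms on both sides. The function names, the block list and the request addresses are constructed for the example.

```php
<?php
// Added example, not MediaWiki code: canonicalising zero-padded IPv4 octets
// before a block-list lookup. Function names are illustrative.

// Parsers disagree about "010.0.0.1": a decimal split-on-dots parser sees
// 10.0.0.1, inet_aton()-style parsers treat a leading 0 as octal and see
// 8.0.0.1, and inet_pton() (which PHP's ip2long() uses where available)
// rejects it. A block entry stored as "10.0.0.1" therefore never matched a
// request presenting itself as "010.0.0.1" unless both sides are normalised.

// Strict canonical form: four decimal octets 0-255, leading zeros dropped.
// Returns null for anything else (IPv6, CIDR ranges, hex or octal forms),
// which the caller should treat as "not a plain IPv4 address".
// filter_var($ip, FILTER_VALIDATE_IP) also refuses zero-padded octets, which
// is fine for validating input but not for matching stored entries that may
// already be zero-padded; hence the explicit normalisation here.
function canonicalizeIPv4($ip)
{
    if (!is_string($ip) || !preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $m)) {
        return null;
    }
    $octets = [];
    for ($i = 1; $i <= 4; $i++) {
        $n = (int) $m[$i]; // (int) "010" is 10: PHP reads numeric strings as decimal
        if ($n > 255) {
            return null;
        }
        $octets[] = $n;
    }
    return implode('.', $octets);
}

// Block check that compares canonical forms on both sides, so entries that
// were stored zero-padded still match. Unparseable input fails closed.
function isBlocked($requestIp, array $blockList)
{
    $canon = canonicalizeIPv4($requestIp);
    if ($canon === null) {
        throw new InvalidArgumentException("Not a plain IPv4 address: $requestIp");
    }
    foreach ($blockList as $entry) {
        if (canonicalizeIPv4($entry) === $canon) {
            return true;
        }
    }
    return false;
}

// Constructed block list and request addresses.
$blockList = ['10.0.0.1', '192.168.001.020'];
$attempts  = ['10.0.0.1', '010.0.0.1', '010.000.000.001', '192.168.1.20', '10.0.0.2'];

foreach ($attempts as $ip) {
    // The buggy behaviour: an exact string match only catches the stored spelling.
    $naive = in_array($ip, $blockList, true);
    printf("%-17s exact-match=%-5s canonical=%s\n",
        $ip, var_export($naive, true), var_export(isBlocked($ip, $blockList), true));
}
```

The exact-match column shows the failure mode from the advisory: only the spelling that was stored matches, while the canonical comparison blocks every zero-padded variant and, just as importantly, matches a request written plainly against an entry that was stored zero-padded.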

OS   Version  Architecture  Package    Version     Filename
any  any      any           mediawiki  < 1.26.2-1  UNKNOWN
