In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML (CVE-2014-9276). MediaWiki’s mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from the API (CVE-2014-9277). This update provides MediaWiki 1.23.7, which fixes these security issues and other bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | mediawiki | <Â 1.23.7-1 | mediawiki-1.23.7-1.mga4 |