MGASA-2017-0110

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0110.html

Import Source

https://advisories.mageia.org/MGASA-2017-0110.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0110

Related

Published

2017-04-16T06:29:12Z

Modified

2017-04-16T06:15:43Z

Summary

Updated mediawiki packages fix security vulnerability

Details

API parameters may now be marked as "sensitive" to keep their values out of the logs (CVE-2017-0361).

"Mark all pages visited" on the watchlist now requires a CSRF token (CVE-2017-0362).

Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364).

XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365).

SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366).

Escape content model/format url parameter in message (CVE-2017-0368).

Sysops can undelete pages, although the page is protected against it (CVE-2017-0369).

Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter (CVE-2017-0370).

References

Credits

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.23.16-1.mga5

{
    "section": "core"
}