MGASA-2017-0110

Source
https://advisories.mageia.org/MGASA-2017-0110.html
Import Source
https://advisories.mageia.org/MGASA-2017-0110.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2017-0110
Published
2017-04-16T06:29:12Z
Modified
2017-04-16T06:15:43Z
Summary
Updated mediawiki packages fix security vulnerability
Details

API parameters may now be marked as "sensitive" to keep their values out of the logs (CVE-2017-0361).

"Mark all pages visited" on the watchlist now requires a CSRF token (CVE-2017-0362).

Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364).

XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365).

SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366).

Escape content model/format url parameter in message (CVE-2017-0368).

Sysops can undelete pages, although the page is protected against it (CVE-2017-0369).

Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter (CVE-2017-0370).


Affected packages

Mageia:5 / mediawiki

Package

Name
mediawiki
Purl
pkg:rpm/mageia/mediawiki?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.23.16-1.mga5

Ecosystem specific

{
    "section": "core"
}