FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki123 < 1.23.10
mediawiki124 < 1.24.3
mediawiki125 < 1.25.2


VuXML ID 6241b5df-42a1-11e5-93ad-002590263bf5
Discovery 2015-08-10
Entry 2015-08-14
Modified 2015-12-24

MediaWiki reports:

Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList.

Internal review discovered that watchlist anti-CSRF tokens were not being compared in constant time, which could allow various timing attacks. This could allow an attacker to modify a user's watchlist via CSRF.

John Menerick reported that MediaWiki's thumb.php failed to sanitize various error messages, resulting in XSS.


CVE Name CVE-2013-7444
CVE Name CVE-2015-6727
CVE Name CVE-2015-6728
CVE Name CVE-2015-6729
CVE Name CVE-2015-6730
CVE Name CVE-2015-6731
CVE Name CVE-2015-6733
CVE Name CVE-2015-6734
CVE Name CVE-2015-6735
CVE Name CVE-2015-6736
CVE Name CVE-2015-6737
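
The watchlist token item above concerns a comparison that was not constant time. The following is an added example, not MediaWiki's code or its patch: it shows an early-exit token check beside a constant-time one using PHP's hash_equals(). The function names, the `watchToken` session key and the request data are assumptions constructed for illustration.

```php
<?php
// Added example: names and sample values are constructed, not MediaWiki's.
declare(strict_types=1);

// Weak check: === on strings may return at the first differing byte, so the
// time taken can depend on how much of a guessed token is correct.
function watchlistTokenOkWeak(string $sessionToken, $supplied): bool
{
    return $sessionToken === $supplied;
}

// Hardened check: hash_equals() (PHP >= 5.6) does not exit early on the
// first mismatching byte. Known value first, user-supplied value second.
function watchlistTokenOk(string $sessionToken, $supplied): bool
{
    // A request parameter can arrive as an array (token[]=x), and a session
    // without a token must never validate; refuse both before comparing.
    if (!is_string($supplied) || $sessionToken === '') {
        return false;
    }
    return hash_equals($sessionToken, $supplied);
}

// Constructed request handler: change the watchlist only on a valid token.
function handleWatchlistEdit(array $session, array $post): string
{
    $expected = $session['watchToken'] ?? '';
    if (!is_string($expected)
        || !watchlistTokenOk($expected, $post['token'] ?? null)) {
        return 'rejected';
    }
    return 'watchlist updated: ' . implode(', ', (array)($post['titles'] ?? []));
}

// Constructed session state and three constructed requests.
$session = ['watchToken' => bin2hex(random_bytes(16))];
$requests = [
    'valid token' => ['token' => $session['watchToken'], 'titles' => ['Main Page']],
    'wrong token' => ['token' => str_repeat('0', 32), 'titles' => ['Main Page']],
    'array token' => ['token' => ['x'], 'titles' => ['Main Page']],
    'no token'    => ['titles' => ['Main Page']],
];

foreach ($requests as $name => $post) {
    echo $name, ': ', handleWatchlistEdit($session, $post), PHP_EOL;
}
```

hash_equals() still reveals whether the two strings differ in length, which is acceptable for fixed-length tokens such as the one generated here.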