FEDORA-2017-3fb95ed01f created by mooninite 2 years ago for Fedora 25
  • (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to interwiki links. (CVE-2017-0363, CVE-2017-0364)
  • (T144845) XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true. (CVE-2017-0365)
  • (T125177) API parameters may now be marked as "sensitive" to keep their values out of the logs. (CVE-2017-0361)
  • (T150044) "Mark all pages visited" on the watchlist now requires a CSRF token. (CVE-2017-0362)
  • (T156184) Escape content model/format URL parameter in message. (CVE-2017-0368)
  • (T151735) SVG filter evasion using default attribute values in DTD declaration. (CVE-2017-0366)
  • (T48143) Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter. (CVE-2017-0370)
  • (T108138) Sysops can undelete pages, although the page is protected against it. (CVE-2017-0369)

The following only affects 1.27 and above and is not included in the 1.23 upgrade:

  • (T161453) LocalisationCache will no longer use the temporary directory in its fallback chain when trying to work out where to write the cache. (CVE-2017-0367)

The following fix is for the SyntaxHighlight extension:

  • (T158689) Parameter injection in SyntaxHighlight results in multiple vulnerabilities. (CVE-2017-0372)

How to install

sudo dnf upgrade --advisory=FEDORA-2017-3fb95ed01f

This update has been submitted for testing by mooninite.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

2 years ago

This update has been submitted for stable by mooninite.

2 years ago

This update has been pushed to stable.

2 years ago
