https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html

The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release.

How to install

sudo dnf upgrade --advisory=FEDORA-2020-a4802c53d9

This update has been submitted for testing by mooninite.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been submitted for stable by mooninite.

4 months ago

This update has been pushed to stable.

4 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
4 months ago
BZ#1288786 php-zordius-lightncandy-1.2.5 is available
0
0
BZ#1667755 php-wikimedia-assert-0.5.0 is available
0
0
BZ#1882555 mediawiki-1.35.0 is available
0
0
BZ#1903753 CVE-2020-26120 mediawiki: XSS exists in the MobileFrontend extension [fedora-all]
0
0
BZ#1903755 CVE-2020-26121 mediawiki: attacker can import a file even when the target page is protected against page creation [fedora-all]
0
0
BZ#1903760 CVE-2020-25815 mediawiki: LogEventList::getFiltersDesc is insecurely using message text to build options names for HTML multi-select field [fedora-all]
0
0
BZ#1903762 CVE-2020-25827 mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level [fedora-all]
0
0
BZ#1903765 CVE-2020-25813 mediawiki: Special:UserRights exposes the existence of hidden users [fedora-all]
0
0
BZ#1903769 CVE-2020-25812 mediawiki: XSS using raw HTML [fedora-all]
0
0
BZ#1903771 CVE-2020-25869 mediawiki: handling of actor ID does not necessarily use the correct database or correct wiki leads to information disclosure [fedora-all]
0
0
BZ#1903775 CVE-2020-25814 mediawiki: XSS via javascript:payload [fedora-all]
0
0
BZ#1903778 CVE-2020-25828 mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS [fedora-all]
0
0

Automated Test Results