Gentoo Linux Security Advisory 201310-21 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected.
ac99ffc7a59e19273c6f7c08c59b9e2e2bc135cfd07f27fd127001d0bd0ca8d6
Mandriva Linux Security Advisory 2013-235 - Multiple vulnerabilities has been discovered and corrected in mediawiki. Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader. Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP. An issue with the MediaWiki API in MediaWiki before 1.20.7 where an invalid property name could be used for XSS with older versions of Internet Explorer. Several unspecified security issues were fixed with the 1.20.6 version. This replaces the MediaWiki 1.16.5 version, which has been EOL upstream for quite some time now, that was shipped with MBS 1. MediaWiki removed the Math extension for the 1.18 release, but it is now available separately. It has been packaged in the mediawiki-math package. The mediawiki-graphviz and mediawiki-ldapauthentication packages have also been updated to work with the new MediaWiki packages. The updated packages provides a solution to these issues.
59975cc64e426aac4d28c6370707a149449b05281ac9ce4423d50df3c6b488da
Debian Linux Security Advisory 2753-1 - It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.
48974ef0719214c241b3c1f2c20f0ed60828b426c7894f1ff79b784caed12264