FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki127 < 1.27.5
mediawiki129 <= 1.29.3
mediawiki130 < 1.30.1
mediawiki131 < 1.31.1

Details

VuXML ID be1aada2-be6c-11e8-8fc6-000c29434208
Discovery 2018-08-29
Entry 2018-09-22

Mediawiki reports:

Security fixes:

T169545: $wgRateLimits entry for 'user' overrides 'newbie'.

T194605: BotPasswords can bypass CentralAuth's account lock.

T187638: When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden

T193237: Special:BotPasswords should require reauthenticate.

References

CVE Name CVE-2018-0503
CVE Name CVE-2018-0504
CVE Name CVE-2018-0505
URL https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html