{"id":"MGASA-2013-0368","summary":"Updated mediawiki packages fix security vulnerabilities","details":"Updated mediawiki packages fix security vulnerabilities:\n\nKevin Israel (Wikipedia user PleaseStand) identified and reported two\nvectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist\n(CVE-2013-4567, CVE-2013-4568).\n\nInternal review while debugging a site issue discovered that MediaWiki\nand the CentralNotice extension were incorrectly setting cache headers when\na user was autocreated, causing the user's session cookies to be cached,\nand returned to other users (CVE-2013-4572).\n","modified":"2026-04-16T06:23:12.207815898Z","published":"2013-12-12T22:21:01Z","upstream":["CVE-2013-4567","CVE-2013-4568","CVE-2013-4572"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0368.html"},{"type":"WEB","url":"http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11854"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.8-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0368.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}