{"id":"MGASA-2016-0305","summary":"Updated mediawiki packages fix security vulnerability","details":"Check read permission when loading page content in ApiParse\n(CVE-2016-6331)\n\nMake blocks log users out if $wgBlockDisablesLogin is true (CVE-2016-6332)\n\nMake $wgBlockDisablesLogin also restrict logged in permissions\n(CVE-2016-6332)\n\nRequire login to preview user CSS pages (CVE-2016-6333)\n\nEscape '\u003c' and ']]\u003e' in inline \u003cstyle\u003e blocks (CVE-2016-6333)\n\nXSS in unclosed internal links (CVE-2016-6334)\n\nAPI: Generate head items in the context of the given title (CVE-2016-6335)\n\nDo not allow undeleting a revision deleted file if it is the top file\n(CVE-2016-6336)\n\nThe mediawiki package has been updated to version 1.23.15, which contains\nthe above fixes.\n","modified":"2026-04-16T06:25:32.876729138Z","published":"2016-09-16T09:27:13Z","upstream":["CVE-2016-6331","CVE-2016-6332","CVE-2016-6333","CVE-2016-6334","CVE-2016-6335","CVE-2016-6336"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0305.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19252"},{"type":"WEB","url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.23.15-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0305.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}