1
Candidate: CVE-2015-2941
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2941
5
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
6
http://www.openwall.com/lists/oss-security/2015/04/01/1
8
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x
9
before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote
10
attackers to inject arbitrary web script or HTML via an invalid parameter
11
in a wddx format request to api.php, which is not properly handled in an
12
error message, related to unsafe calls to wddx_serialize_value.
21
upstream_mediawiki: released (1:1.19.20+dfsg-2.3)
22
lucid_mediawiki: ignored (reached end-of-life)
23
precise_mediawiki: ignored (reached end-of-life)
24
precise/esm_mediawiki: DNE (precise was needed)
25
trusty_mediawiki: needed
26
utopic_mediawiki: ignored (reached end-of-life)
27
vivid_mediawiki: ignored (reached end-of-life)
28
vivid/stable-phone-overlay_mediawiki: DNE
29
vivid/ubuntu-core_mediawiki: DNE
30
wily_mediawiki: ignored (reached end-of-life)
32
yakkety_mediawiki: ignored (reached end-of-life)
33
zesty_mediawiki: ignored (reached end-of-life)
34
artful_mediawiki: needed
35
bionic_mediawiki: needed
36
devel_mediawiki: needed