1
Candidate: CVE-2015-6729
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6729
5
https://phabricator.wikimedia.org/T97391
6
http://www.openwall.com/lists/oss-security/2015/08/27
8
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before
9
1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote
10
attackers to inject arbitrary web script or HTML via the rel404 parameter,
11
which is not properly handled in an error page.
16
Discovered-by: John Menerick
20
upstream: https://phab.wmfusercontent.org/file/data/zm24swymokh5ac5bqsms/PHID-FILE-n2jrbxtlmei74wxmvbsa/T97391.patch
21
upstream_mediawiki: needed
22
precise_mediawiki: ignored (reached end-of-life)
23
precise/esm_mediawiki: DNE (precise was needed)
24
trusty_mediawiki: needed
25
vivid_mediawiki: ignored (reached end-of-life)
26
vivid/stable-phone-overlay_mediawiki: DNE
27
vivid/ubuntu-core_mediawiki: DNE
28
wily_mediawiki: ignored (reached end-of-life)
30
yakkety_mediawiki: ignored (reached end-of-life)
31
zesty_mediawiki: ignored (reached end-of-life)
32
artful_mediawiki: needed
33
bionic_mediawiki: needed
34
devel_mediawiki: needed