AVG-491 log

Package mediawiki
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 1.28.2-1
Fixed 1.28.3-1
Current 1.41.0-1 [extra]
Ticket None
Created Wed Nov 15 09:59:48 2017
Issue Severity Remote Type Description
CVE-2017-9841 Critical Yes Arbitrary code execution
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning...
References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T180231
Notes
only affects version 1.27 and 1.28