oss-sec mailing list archives
Re: CVE Request -- MediaWiki - v1.15.2
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 16 Mar 2010 10:37:31 +0100
Hey, * Jan Lieskovsky <jlieskov () redhat com> [2010-03-09 21:52]:
MediaWiki upstream has released latest v1.15.2 version:
[1]
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
fixing two security issues (from upstream advisory):
a, a CSS validation issue was discovered which allows editors to display
external images in wiki pages.
b, a data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme.
Have CVE ids already been assigned to these issues? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE Request -- MediaWiki - v1.15.2 Jan Lieskovsky (Mar 09)
- Re: CVE Request -- MediaWiki - v1.15.2 Nico Golde (Mar 16)
- Re: CVE Request -- MediaWiki - v1.15.2 Henri Salo (Mar 23)
- Re: CVE Request -- MediaWiki - v1.15.2 Steven M. Christey (Mar 30)