oss-sec mailing list archives

Re: CVE Request -- MediaWiki - v1.15.2


From: Henri Salo <henri () nerv fi>
Date: Wed, 24 Mar 2010 07:57:43 +0200

On Tue, 09 Mar 2010 21:46:31 +0100
Jan Lieskovsky <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   MediaWiki upstream has released the latest v1.15.2 version:
     [1] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html

   fixing two security issues (from upstream advisory):
   a, a CSS validation issue was discovered which allows editors to
display external images in wiki pages.
   b, a data leakage vulnerability was discovered in thumb.php which
affects wikis which restrict access to private files using
img_auth.php, or some similar scheme.

References:
   [2] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
   [3] http://secunia.com/advisories/38856/
   [4] http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.2.patch.gz

Could you allocate CVE ids for these?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Have these been assigned? There have been security fixes in
Linux distributions, for example Debian[1], without CVE.

1: http://lists.debian.org/debian-security-announce/2010/msg00062.html

---
Henri Salo

