Re: CVE request: mediawiki

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I would like to announce the release of MediaWiki 1.16.5. Two security
> issues were discovered.
>
> The first issue is yet another recurrence of the Internet Explorer 6
> XSS vulnerability that caused the release of 1.16.4. It was pointed
> out that there are dangerous extensions with more than four
> characters, so the regular expressions we introduced had to be updated
> to match longer extensions.
>
> For more details, see
> https://bugzilla.wikimedia.org/show_bug.cgi?id=28534

Use CVE-2011-1765

> The second issue allows unauthenticated users to gain additional
> rights, on wikis where $wgBlockDisablesLogin is enabled. By default,
> it is disabled. The issue occurs when a malicious user sends cookies
> which contain the user name and user ID of a "victim" account. In
> certain circumstances, the rights of the victim are loaded and persist
> throughout the malicious request, allowing the malicious user to
> perform actions with the victim's rights.
>
> $wgBlockDisablesLogin is a feature which is sometimes used on private
> wikis to prevent users who have an account from logging in and viewing
> content on the wiki.
>
> For more details, see
> https://bugzilla.wikimedia.org/show_bug.cgi?id=28639

Use CVE-2011-1766

Thanks.

-- 
    JB