oss-sec mailing list archives
Re: CVE request: mwlib < 0.13.5 DoS flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 05 Mar 2012 14:54:54 -0700
On 03/05/2012 10:06 AM, Vincent Danen wrote:
Could a CVE be assigned to the following please? It was reported that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially-crafted #iferror magic function. This has been corrected in upstream version 0.13.5. References: http://groups.google.com/group/mwlib/browse_thread/thread/c2bd1cee77a8a79?hl=en http://www.google.com/url?sa=D&q=https://github.com/pediapress/mwlib/pull/10&usg=AFQjCNHgoXQUYFtEj0L8VP5K8Xn_GoTOyw https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde https://bugzilla.redhat.com/show_bug.cgi?id=800064
Please use CVE-2012-1109 for this issue. -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request: mwlib < 0.13.5 DoS flaw Vincent Danen (Mar 05)
- Re: CVE request: mwlib < 0.13.5 DoS flaw Kurt Seifried (Mar 05)