oss-sec mailing list archives
CVE's for MediaWiki 1.20.2 / 1.19.2
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 04 Mar 2013 23:20:13 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In future if Mediawiki security wants to get CVEs easily just contact secalert () redhat com and we can provide you with CVE's in advance. http://www.mediawiki.org/wiki/Release_notes/1.20 http://www.mediawiki.org/wiki/Release_notes/1.19 (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST https://bugzilla.wikimedia.org/show_bug.cgi?id=44135 https://bugzilla.wikimedia.org/show_bug.cgi?id=42441 Please use CVE-2013-1816 for this issue. (bug 43518) API action=unblock should return the user name, not the full user object https://bugzilla.wikimedia.org/show_bug.cgi?id=43518 Please use CVE-2013-1817 for this issue. 1.20.2 only: (Bug 45355) Prevent read of arbitrary files through mwdoc-filter.php https://bugzilla.wikimedia.org/show_bug.cgi?id=45355 Please use CVE-2013-1818 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRNY6dAAoJEBYNRVNeJnmT8D4QAInmJBxHEo/gQA7UYjk6wZMG 7VR33+qwyYKLkxGsj81I+ExQLKpxQhTC6P33F69n8wr9aNBTMBkHKytzou13HWgJ qNYT2NmactiH2m3ha8mMP5lPPC4QY7ljm3VLf1p83G/jKMBXR6sBz8J0llf0XS3r PUypBPVXc7ffq0PE81T4DG6f0kk3KFOPaXEZ3FNWtjVBv9YRlIKintGjRprqTddP SIq2iZGXYkKoidNQk4x8oSJ/4XppwsxGA1oz2yBrYCVbAqATqnfSfodwuXQgiuKn nlHNvcDxQaes6vLg8KTTHmkqrwkaCvR47hKOpTPdTvjnifoTdKwp/QvBrn9H2nNZ lujdm7xqbHElHUgmYpGVd0W99mXCHYey/vFTDqcqU+TnjkW4m/3Jwc8/EpdbJB74 B5TBBR5EDLO9n/u+29E/u5XLAMyxySYZpgctSdQdy5dETzS7kfRAiFJbN18N5Fgw CK5+p2EFRz9pWUhVZSamjGWHLE1aHluQeae9f8rhFnFdaomcJt3DwK9IdCU30l3o wR8Mvsc7b2n06UpG6vffF2akNM/jIfhc0DC3Yq0hr5WzDDhNRyvRmblh4wvbUDFL 7KBsPAeIRbE59Vl9uD0k8/epLQwnbX0cK40CW8+vjp3fBw+498aRT/ANZ+WIAQIZ KepwQx0eZNkluvUba35G =/tFb -----END PGP SIGNATURE-----
Current thread:
- CVE's for MediaWiki 1.20.2 / 1.19.2 Kurt Seifried (Mar 04)