oss-sec mailing list archives

clarification on CVE-2008-5687 (mediawiki)

From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 7 Jan 2009 18:57:42 +0100

Hi,

the CVE id descriptions says:
"MediaWiki 1.11 through 1.13.3 does not properly protect..." 
while the referenced upstream announce announces 1.13.3 as a 
security update for 1.13.2. So it doesn't look like 1.13.3 
is affected.

Also looking at the patch it turns out that 1.13.3 is fixing 
this by adding an htaccess file.

The CVE id description should get an update.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

clarification on CVE-2008-5687 (mediawiki) Nico Golde (Jan 07)
- Re: clarification on CVE-2008-5687 (mediawiki) Steven M. Christey (Jan 07)