oss-sec mailing list archives
CVE Request -- MediaWiki - v1.15.2
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 09 Mar 2010 21:46:31 +0100
Hi Steve, vendors, MediaWiki upstream has released latest v1.15.2 version: [1] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html fixing two security issues (from upstream advisory): a, a CSS validation issue was discovered which allows editors to display external images in wiki pages. b, a data leakage vulnerability was discovered in thumb.php which affects wikis which restrict access to private files using img_auth.php, or some similar scheme. References: [2] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html [3] http://secunia.com/advisories/38856/ [4] http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.2.patch.gz Could you allocate CVE ids for these? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- MediaWiki - v1.15.2 Jan Lieskovsky (Mar 09)
- Re: CVE Request -- MediaWiki - v1.15.2 Nico Golde (Mar 16)
- Re: CVE Request -- MediaWiki - v1.15.2 Henri Salo (Mar 23)
- Re: CVE Request -- MediaWiki - v1.15.2 Steven M. Christey (Mar 30)