CVE request: mediawiki 1.16.3

[Vincent Danen <vdanen () redhat com>]

Mediawiki 1.16.3 has been released with three noted flaws:

1) XSS with IE <= 6 due to improper handling of uploaded file names
2) CSS validation error in wikitext parser
3) transwiki import neglects to perform access control checks

Can CVE names be assigned to these issues?

http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html

Thanks.

--
Vincent Danen / Red Hat Security Response Team