Re: CVE request: mediawiki 1.16.3

[Eugene Teo <eugene () redhat com>]

On 04/13/2011 01:51 PM, Kurt Seifried wrote:
> BTW I submitted this as a bug for fedora:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=695577
>
> My evil(ish) plan is to take over the mediawiki package for fedora and
> then EPEL and then all the plugins. muahahaha! =).

Now I know what you are up to ;)

Eugene

> On Tue, Apr 12, 2011 at 11:21 PM, Vincent Danen<vdanen () redhat com>  wrote:
> > Mediawiki 1.16.3 has been released with three noted flaws:
> >
> > 1) XSS with IE<= 6 due to improper handling of uploaded file names
> > 2) CSS validation error in wikitext parser
> > 3) transwiki import neglects to perform access control checks
> >
> > Can CVE names be assigned to these issues?
> >
> > http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
> >
> > Thanks.
> >
> > --
> > Vincent Danen / Red Hat Security Response Team


--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }