oss-sec mailing list archives
Re: CVE request: mediawiki 1.16.3
From: Josh Bressers <bressers () redhat com>
Date: Wed, 13 Apr 2011 15:33:56 -0400 (EDT)
----- Original Message -----
Mediawiki 1.16.3 has been released with three noted flaws: 1) XSS with IE <= 6 due to improper handling of uploaded file names
Use CVE-2011-1578
2) CSS validation error in wikitext parser
Use CVE-2011-1579
3) transwiki import neglects to perform access control checks
Use CVE-2011-1580
Can CVE names be assigned to these issues? http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
Thanks.
--
JB
Current thread:
- CVE request: mediawiki 1.16.3 Vincent Danen (Apr 12)
- Re: CVE request: mediawiki 1.16.3 Kurt Seifried (Apr 12)
- Re: CVE request: mediawiki 1.16.3 Eugene Teo (Apr 12)
- Re: CVE request: mediawiki 1.16.3 Josh Bressers (Apr 13)
- Re: CVE request: mediawiki 1.16.3 Kurt Seifried (Apr 12)