oss-sec mailing list archives

CVE's for MediaWiki 1.20.2 / 1.19.2


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 04 Mar 2013 23:20:13 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In future, if MediaWiki security wants to get CVEs easily, just contact
secalert () redhat com and we can provide you with CVEs in advance.

http://www.mediawiki.org/wiki/Release_notes/1.20
http://www.mediawiki.org/wiki/Release_notes/1.19

(bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
https://bugzilla.wikimedia.org/show_bug.cgi?id=44135
https://bugzilla.wikimedia.org/show_bug.cgi?id=42441

Please use CVE-2013-1816 for this issue.



(bug 43518) API action=unblock should return the user name, not the
full user object
https://bugzilla.wikimedia.org/show_bug.cgi?id=43518

Please use CVE-2013-1817 for this issue.


1.20.2 only:
(Bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
https://bugzilla.wikimedia.org/show_bug.cgi?id=45355

Please use CVE-2013-1818 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----
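
A check that follows from the first fix above (CVE-2013-1816), as an added example that is not part of the original message or of MediaWiki's code: a small Python scanner that flags PHP cURL code setting CURLOPT_SSL_VERIFYHOST to anything other than 2. The function names and the sample PHP are constructed for illustration; that PHP casts `true` to 1 for this option is background knowledge, not something the message states.

```python
import re

# Matches the usual ways PHP code sets the option:
#   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, <value>)
#   array(CURLOPT_SSL_VERIFYHOST => <value>)
#   $opts[CURLOPT_SSL_VERIFYHOST] = <value>
_VERIFYHOST = re.compile(
    r"CURLOPT_SSL_VERIFYHOST\s*\]?\s*(?:=>|=|,)\s*([^,;)\s]+)", re.IGNORECASE)

def classify(value):
    """Return 'ok', 'weak' or 'review' for a value passed to the option."""
    v = value.strip().strip("'\"").lower()
    if v == "2":
        return "ok"      # certificate name is matched against the host name
    if v in ("true", "1", "false", "0"):
        return "weak"    # true is cast to 1, not 2; false/0 turns the check off
    return "review"      # variable or expression: needs a human look

def scan_php(source, filename="<input>"):
    """Return (filename, line_no, value, verdict) for each non-'ok' setting."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue     # skip whole-line comments
        for match in _VERIFYHOST.finditer(line):
            verdict = classify(match.group(1))
            if verdict != "ok":
                findings.append((filename, line_no, match.group(1), verdict))
    return findings

# Constructed sample input, not MediaWiki source.
SAMPLE = """<?php
// constructed sample
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$opts = array(CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_SSL_VERIFYPEER => true);
$o[CURLOPT_SSL_VERIFYHOST] = $verify;
"""

if __name__ == "__main__":
    for name, line_no, value, verdict in scan_php(SAMPLE):
        print(f"{name}:{line_no}: CURLOPT_SSL_VERIFYHOST = {value} [{verdict}]")
```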

