oss-sec mailing list archives

Re: MediaWiki security release - 1.23.7


From: cve-assign () mitre org
Date: Thu, 4 Dec 2014 13:33:38 -0500 (EST)



Hi, we fixed a few security bugs in last week's MediaWiki release [1].

* bug 71111 / T73111 - A missing CSRF check could allow reflected XSS
on wikis that allow raw HTML
(https://phabricator.wikimedia.org/T73111)

Use CVE-2014-9276.

* bug 71478 / T73478 - MediaWiki's <cross-domain-policy> mangling
could allow an article editor to inject code into API consumers that
blindly unserialize PHP representations of the page from the API
(https://phabricator.wikimedia.org/T73478)

Use CVE-2014-9277.

- ---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

