oss-sec mailing list archives
Re: MediaWiki security release - 1.23.7
From: cve-assign () mitre org
Date: Thu, 4 Dec 2014 13:33:38 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, we fixed a few security bugs in last week's MediaWiki release [1]. * bug 71111 / T73111 - A missing csrf check could allow reflected xss on wikis that allow raw html (https://phabricator.wikimedia.org/T73111)
Use CVE-2014-9276.
* bug 71478 / T73478 - MediaWiki's <cross-domain-policy> mangling could allow an article editor to inject code into api consumers that blindly unserialize php representations of the page from the api (https://phabricator.wikimedia.org/T73478)
Use CVE-2014-9277. - --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEVAwUBVICnwqllVAevmvmsAQIqtAgApS0KfcaLFw9TND3VT6vWwKePvaR0kGee n4N+/vUh9XsX9vgASKh+o4rcmZW0Pw67GI0C1RKGPSTITzFgIhwDpG3tCBAVKtUz VSL2dWHP5PC3OOsRUF2kD6oVctE/y7w9FADRLccBqf7DAYK1CTJ+1I1ZNKQBaePs 1Z3CrDPW9QAQSjzSfWFrvxz5ivnkiz2S9bhU/B2y7MKriU41uXRDclnHOqVX9+9C cp8ymBSKeiaohgro5awR29pf87HZTbYbGJE+PL66URBWsPA6VsFN1PD2gkuKH9mj KKmizDImU2RjXNpNIASnOQNnIt6omJBajlahU5SsNBpxz+O6+GRkSQ== =nB+O -----END PGP SIGNATURE-----
Current thread:
- MediaWiki security release - 1.23.7 Chris Steipp (Dec 03)
- Re: MediaWiki security release - 1.23.7 cve-assign (Dec 04)