Date: Wed, 13 Apr 2011 15:33:56 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org>, tstarling@...imedia.org Subject: Re: CVE request: mediawiki 1.16.3 ----- Original Message ----- > Mediawiki 1.16.3 has been released with three noted flaws: > > 1) XSS with IE <= 6 due to improper handling of uploaded file names Use CVE-2011-1578 > 2) CSS validation error in wikitext parser Use CVE-2011-1579 > 3) transwiki import neglects to perform access control checks Use CVE-2011-1580 > > Can CVE names be assigned to these issues? > > http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html > Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ