Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 13 Apr 2011 15:33:56 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>, tstarling@...imedia.org
Subject: Re: CVE request: mediawiki 1.16.3



----- Original Message -----
> Mediawiki 1.16.3 has been released with three noted flaws:
> 
> 1) XSS with IE <= 6 due to improper handling of uploaded file names
Use CVE-2011-1578

> 2) CSS validation error in wikitext parser
Use CVE-2011-1579

> 3) transwiki import neglects to perform access control checks
Use CVE-2011-1580

> 
> Can CVE names be assigned to these issues?
> 
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
> 

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ