Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Nov 2011 11:12:17 +0100
From: Hanno Böck <>
Subject: CVE request: mediawiki before 1.17.1

From announce mail:

I would like to announce the release of MediaWiki 1.17.1. Two security
issues were discovered.

Alexandre Emsenhuber discovered an issue where page titles on private
wikis could be exposed bypassing different page ids to index.php. In the
case of the user not having correct permissions, they will now be
redirected to Special:BadTitle.

For more details, see

The second issue was found by Tim Starling, who discovered that
action=ajax requests were dispatched to the relevant function without
any read permission checks being done. This could have led to data
leakage on private wikis.

For more details, see


Please assign two CVEs.

Hanno Böck		mail/jabber:

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.