[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: XSS in uselang http parameter (mediawiki)
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-06-14 2:00:23
Message-ID: 4FD945B7.6000700 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/13/2012 07:33 PM, Vincent Danen wrote:
> Mediawiki 1.17.5, 1.18.4, and 1.19.1 were released today to fix a
> XSS vulnerability in the useland http parameter.
> 
> References:
> 
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html
>
>  https://bugzilla.wikimedia.org/show_bug.cgi?id=36938 
> https://bugzilla.redhat.com/show_bug.cgi?id=831876
> 
> I didn't spot a CVE name in the release, so requesting one here.
> 
> Thanks.

Please use CVE-2012-2698 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP2UW3AAoJEBYNRVNeJnmTzoAQAK+JAdhD9oR6YMlxf/ZRGgjT
66IlnIemwu0Rcy1/iFJ5uSgrIUkCTda1pEzmKQBur1ghtPaFPG7pK9x4o9rnwoYT
671DGRRT8XYjxuj+cb6Lkt4POyLZVuGygOr90eYilPSgjw4sTcBfyN6+2/OyPZfY
xsu1FXNUJHpOXy9A5Y8VdQk/KIdKSr5arV/llBFhF7ypeWQzC4fkp2o+uuCQMynJ
fBZXHH4/Rlx8+3ITYxN/doJnNoL0XnVXSnIvJ0mo1gMNphn4R3S1tnALHHdc3pV8
igcbV/PBgk/eBtfqvPkzxsgr/LlhwtW5VxHWDhJ1BFqDMvhJnMA7PlO3gfj4lP/g
cWzTxd/KQFhwR1f1g885i/fowVFhC/fb6/mhSrin9xDxcDRrFAZa8g3+ME9RIZo7
54i62XTp+M5coWjTb6GzcIBc2qjZbIEILIrr21s5K8eiyv0TUYK9voUwvc4kCLui
JaDesIIU6RRwtlrodILnEgxdTif67ZxQlSdRg8/Rexkd5VI0396anpR+nF2weua4
5CDlYNc4g5RJm0a4GfYOlmJoO3nzm8ZHLpViTVVg/cEw5Qdv/81UgobPyTF761V7
UIt0O/PEB0Vc+v/j8R9d2yvQSz+TIRp0cLywSoEP5jO0rv4O/DYQ7FsZfah4LrQ+
Wz9FJ3zPAb/AbsWKct76
=3kjY
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]