[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: XSS in uselang http parameter (mediawiki)
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-06-14 2:00:23
Message-ID: 4FD945B7.6000700 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/13/2012 07:33 PM, Vincent Danen wrote:
> Mediawiki 1.17.5, 1.18.4, and 1.19.1 were released today to fix a
> XSS vulnerability in the useland http parameter.
>
> References:
>
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html
>
> https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
> https://bugzilla.redhat.com/show_bug.cgi?id=831876
>
> I didn't spot a CVE name in the release, so requesting one here.
>
> Thanks.
Please use CVE-2012-2698 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJP2UW3AAoJEBYNRVNeJnmTzoAQAK+JAdhD9oR6YMlxf/ZRGgjT
66IlnIemwu0Rcy1/iFJ5uSgrIUkCTda1pEzmKQBur1ghtPaFPG7pK9x4o9rnwoYT
671DGRRT8XYjxuj+cb6Lkt4POyLZVuGygOr90eYilPSgjw4sTcBfyN6+2/OyPZfY
xsu1FXNUJHpOXy9A5Y8VdQk/KIdKSr5arV/llBFhF7ypeWQzC4fkp2o+uuCQMynJ
fBZXHH4/Rlx8+3ITYxN/doJnNoL0XnVXSnIvJ0mo1gMNphn4R3S1tnALHHdc3pV8
igcbV/PBgk/eBtfqvPkzxsgr/LlhwtW5VxHWDhJ1BFqDMvhJnMA7PlO3gfj4lP/g
cWzTxd/KQFhwR1f1g885i/fowVFhC/fb6/mhSrin9xDxcDRrFAZa8g3+ME9RIZo7
54i62XTp+M5coWjTb6GzcIBc2qjZbIEILIrr21s5K8eiyv0TUYK9voUwvc4kCLui
JaDesIIU6RRwtlrodILnEgxdTif67ZxQlSdRg8/Rexkd5VI0396anpR+nF2weua4
5CDlYNc4g5RJm0a4GfYOlmJoO3nzm8ZHLpViTVVg/cEw5Qdv/81UgobPyTF761V7
UIt0O/PEB0Vc+v/j8R9d2yvQSz+TIRp0cLywSoEP5jO0rv4O/DYQ7FsZfah4LrQ+
Wz9FJ3zPAb/AbsWKct76
=3kjY
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic