oss-sec mailing list archives

Re: CVE Request -- MediaWiki - v1.15.2

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 15:56:03 -0400 (EDT)


On Tue, 9 Mar 2010, Jan Lieskovsky wrote:

 a, a CSS validation issue was discovered which allows editors to display
    external images in wiki pages.


Use CVE-2010-1189

 b, a data leakage vulnerability was discovered in thumb.php which affects
    wikis which restrict access to private files using img_auth.php, or
    some similar scheme.


Use CVE-2010-1190

- Steve

Current thread:

CVE Request -- MediaWiki - v1.15.2 Jan Lieskovsky (Mar 09)
- Re: CVE Request -- MediaWiki - v1.15.2 Nico Golde (Mar 16)
- Re: CVE Request -- MediaWiki - v1.15.2 Henri Salo (Mar 23)
- Re: CVE Request -- MediaWiki - v1.15.2 Steven M. Christey (Mar 30)