oss-sec mailing list archives
Re: CVE request: XSS in uselang http parameter (mediawiki)
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 13 Jun 2012 20:00:23 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/13/2012 07:33 PM, Vincent Danen wrote:
Mediawiki 1.17.5, 1.18.4, and 1.19.1 were released today to fix a XSS vulnerability in the useland http parameter. References: http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000118.html https://bugzilla.wikimedia.org/show_bug.cgi?id=36938 https://bugzilla.redhat.com/show_bug.cgi?id=831876 I didn't spot a CVE name in the release, so requesting one here. Thanks.
Please use CVE-2012-2698 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP2UW3AAoJEBYNRVNeJnmTzoAQAK+JAdhD9oR6YMlxf/ZRGgjT 66IlnIemwu0Rcy1/iFJ5uSgrIUkCTda1pEzmKQBur1ghtPaFPG7pK9x4o9rnwoYT 671DGRRT8XYjxuj+cb6Lkt4POyLZVuGygOr90eYilPSgjw4sTcBfyN6+2/OyPZfY xsu1FXNUJHpOXy9A5Y8VdQk/KIdKSr5arV/llBFhF7ypeWQzC4fkp2o+uuCQMynJ fBZXHH4/Rlx8+3ITYxN/doJnNoL0XnVXSnIvJ0mo1gMNphn4R3S1tnALHHdc3pV8 igcbV/PBgk/eBtfqvPkzxsgr/LlhwtW5VxHWDhJ1BFqDMvhJnMA7PlO3gfj4lP/g cWzTxd/KQFhwR1f1g885i/fowVFhC/fb6/mhSrin9xDxcDRrFAZa8g3+ME9RIZo7 54i62XTp+M5coWjTb6GzcIBc2qjZbIEILIrr21s5K8eiyv0TUYK9voUwvc4kCLui JaDesIIU6RRwtlrodILnEgxdTif67ZxQlSdRg8/Rexkd5VI0396anpR+nF2weua4 5CDlYNc4g5RJm0a4GfYOlmJoO3nzm8ZHLpViTVVg/cEw5Qdv/81UgobPyTF761V7 UIt0O/PEB0Vc+v/j8R9d2yvQSz+TIRp0cLywSoEP5jO0rv4O/DYQ7FsZfah4LrQ+ Wz9FJ3zPAb/AbsWKct76 =3kjY -----END PGP SIGNATURE-----
Current thread:
- CVE request: XSS in uselang http parameter (mediawiki) Vincent Danen (Jun 13)
- Re: CVE request: XSS in uselang http parameter (mediawiki) Kurt Seifried (Jun 13)