Parent Directory | Revision Log
MGASA-2013-0276
1 | type: security |
2 | subject: Updated mediawiki package fixes security vulnerabilities |
3 | CVE: |
4 | - CVE-2013-4301 |
5 | - CVE-2013-4302 |
6 | - CVE-2013-4303 |
7 | src: |
8 | 2: |
9 | core: |
10 | - mediawiki-1.20.7-1.mga2 |
11 | 3: |
12 | core: |
13 | - mediawiki-1.20.7-1.mga3 |
14 | description: | |
15 | Full path disclosure in MediaWiki before 1.20.7, when an invalid language |
16 | is specified in ResourceLoader (CVE-2013-4301). |
17 | |
18 | Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens |
19 | to be accessed via JSONP (CVE-2013-4302). |
20 | |
21 | An issue with the MediaWiki API in MediaWiki before 1.20.7 where an |
22 | invalid property name could be used for XSS with older versions of |
23 | Internet Explorer (CVE-2013-4303). |
24 | references: |
25 | - https://bugs.mageia.org/show_bug.cgi?id=11157 |
26 | - http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html |
27 | - https://www.mediawiki.org/wiki/Release_notes/1.20 |
28 | ID: MGASA-2013-0276 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |