fix up duplicated mitre cve links
type: security
subject: Updated mediawiki packages fix security vulnerability
CVE:
  - CVE-2014-3966
src:
  3:
    core:
      - mediawiki-1.22.7-1.mga3
  4:
    core:
      - mediawiki-1.22.7-1.mga4
description: |
  XSS vulnerability in MediaWiki before 1.22.7, due to usernames on
  Special:PasswordReset being parsed as wikitext. The username on
  Special:PasswordReset can be supplied by anyone and will be parsed
  with wgRawHtml enabled. Since Special:PasswordReset is whitelisted
  by default on private wikis, this could potentially lead to an XSS
  crossing a privilege boundary (CVE-2014-3966).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=13477
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html
  - http://openwall.com/lists/oss-security/2014/06/04/15
ID: MGASA-2014-0253