Contents of /13477.adv

Revision 3182
Thu Jul 9 07:56:53 2015 UTC (8 years, 8 months ago) by tmb
File size: 873 byte(s)
fix up duplicated mitre cve links
type: security
subject: Updated mediawiki packages fix security vulnerability
CVE:
 - CVE-2014-3966
src:
  3:
   core:
     - mediawiki-1.22.7-1.mga3
  4:
   core:
     - mediawiki-1.22.7-1.mga4
description: |
  XSS vulnerability in MediaWiki before 1.22.7, due to usernames on
  Special:PasswordReset being parsed as wikitext. The username on
  Special:PasswordReset can be supplied by anyone and will be parsed
  with wgRawHtml enabled. Since Special:PasswordReset is whitelisted
  by default on private wikis, this could potentially lead to an XSS
  crossing a privilege boundary (CVE-2014-3966).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=13477
 - https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
 - http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html
 - http://openwall.com/lists/oss-security/2014/06/04/15
ID: MGASA-2014-0253