[Pkg-mediawiki-devel] Re: Bug#217571: security note

Romain Beauxis toots at rastageeks.org
Sat Jul 30 09:23:47 UTC 2005


	Hi Joey!

On Saturday 30 July 2005 04:51, Joey Hess wrote:
> Note that a number of security holes have been found in mediawiki over
> the last year. The latest one, CAN-2005-2396 is a cross-site-scripting
> hole affecting version 1.4.6 and earlier.
> (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2396)
>
> A few others include CAN-2005-1245, CAN-2005-0536, CAN-2005-0535,
> CAN-2005-0534, CAN-2004-1405, CAN-2004-2152.

Thank you for this warning.
I've searched for security holes there:
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mediawiki
And it appears that all bugs known so far affect versions 1.4.6 and
earlier, but the upstream version we are actually working on is 1.4.7, so it
seems that for now we don't have to do anything about it.


Romain 

-- 
   You can fool some people sometimes,
   But you can't fool all the people all the time.