[Pkg-mediawiki-devel] Bug#332408: mediawiki: Multiple vulnerabilities in Mediawiki
Moritz Muehlenhoff
jmm at inutil.org
Thu Oct 6 09:37:35 UTC 2005
Package: mediawiki
Severity: grave
Tags: security
Justification: user security hole
1.4.11 fixes two security problems:
CAN-2005-3167:
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not
properly remove certain CSS inputs (HTML inline style attributes) that
are processed as active content by Internet Explorer, which allows remote
attackers to conduct cross-site scripting (XSS) attacks.
CAN-2005-3166:
Unspecified vulnerability in "edit submission handling" for MediaWiki
1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to
cause a denial of service (corruption of the previous submission) via a
crafted URL.
Please mention these CVE assignments when you provide a fixed package.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)