[Pkg-mediawiki-devel] Exploitable by GeSHi local PHP file
inclusion?
Romain Beauxis
toots at rastageeks.org
Thu Sep 29 13:41:08 UTC 2005
Daniel Leidert wrote:
> Hello,
>
> I've found the following security issue report today:
> http://securityreason.com/achievement_securityalert/23 (reported at
> http://www.heise.de/security/news/meldung/64410)
>
> Is mediawiki affected by this issue or was this fixed with 1.4.10?
>
>
AFAIK, geshi is an extension of mediawiki[1].
It is not shipped with the actual debian package, so the issue does not
apply to the current package.
BTW packaging extensions for mediawiki could be achived one day if
anyone take the time to do it and if it is suitable for packaging, that
is to say that th extension is serious and maintained regulary enought
-- as for this exemple, the fix has to appear quickly..
Romain
[1]:
http://meta.wikimedia.org/wiki/User:Coffman/Geshi_Syntax_Highlight_extension
More information about the Pkg-mediawiki-devel
mailing list