[Pkg-mediawiki-devel] Bug#508869: CVE-2008-5250: several local script injection vulnerabilities in MediaWiki

Raphael Geissert atomo64 at gmail.com
Tue Dec 16 04:49:40 UTC 2008

Package: mediawiki
Version: 1:1.7
Severity: grave
Tags: security patch


The following CVE (Common Vulnerabilities & Exposures) id was published for 

> * A local script injection vulnerability affecting Internet Explorer
> clients for all MediaWiki installations with uploads enabled.
> [CVE-2008-5250]
> * A local script injection vulnerability affecting clients with SVG
> scripting capability (such as Firefox 1.5+), for all MediaWiki
> installations with SVG uploads enabled. [CVE-2008-5250]

A patch fixing this and other issues can be found at [0].

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5250

Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20081215/7ce90ac1/attachment.pgp 

More information about the Pkg-mediawiki-devel mailing list