[Pkg-mediawiki-devel] Bug#696179: Codendi and mediawiki-extensions-base: RSS_Reader Javascript injection
Thorsten Glaser
t.glaser at tarent.de
Mon Dec 17 17:13:56 UTC 2012
Dixi quod…
> On Mon, 17 Dec 2012, Jonathan Wiltshire wrote:
> > have you sought out a CVE
> > number?
>
> No, I’ve got no idea how all this CVE stuff works.
>
> Do you volunteer, or one of the Mediawiki guys lurking here?
> Otherwise I’d just open an entry in the MW bugtracker now,
> if extensions are tracked there, that is.
For CVE tracking, here’s a list of vulnerable softwares:
• FusionForge 5.1, 5.2 and trunk, but not 5.0 or below; the fix in commit f7b371af6f7576058971fd248a93dd864d5b1ce1 on Branch_5_1 is confirmed to close this hole and will be merged into 5.2 and trunk later
  ⇒ Impact: low (<script> filtered)
• Tuleap, tested with version 5.7.99.9, possibly “all”, and possibly also Codendi (which is where Tuleap and FusionForge both got this widget from)
  ⇒ Impact: low (<script> filtered)
• MediaWiki RSS_Reader extension (fix tested, works)
  ⇒ Impact: high (<script> *not* filtered)
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke