[Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

Thorsten Glaser tg at debian.org
Thu Dec 20 09:37:22 UTC 2012


On Wed, 19 Dec 2012, Giuseppe Iuculano wrote:

> On 17/12/2012 18:21, Jonathan Wiltshire wrote:
[ Debian ]
> > Security team: is it too late to get a CVE through you now that a public
> > bug has been filed? And should a DSA be prepared, as I have not looked
> > but can be fairly sure this will affect stable.
>
> yes, if it is public, we cannot assign a CVE. you can ask
> cve-assign at mitre.org to request one.

Okay, doing that.

Hello MITRE people,

we would like to request a CVE number for an issue in the
RSS_Reader Mediawiki extension that allows injection of
unchecked HTML including Javascript into wikis via feeds.
See http://bugs.debian.org/696179 for details.

My apologies on not getting the process done correctly.

Thanks,
//mirabilos
-- 
15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)



More information about the Pkg-mediawiki-devel mailing list