[Pkg-mediawiki-devel] Bug#772764: mediawiki: CVE-2014-9277
Sebastien Delafond
seb at debian.org
Wed Dec 10 21:05:57 UTC 2014
Package: mediawiki
Severity: important
Tags: security upstream
The <cross-domain-policy> mangling in OutputHandler.php poses a
potentially severe security problem for API clients written in PHP, in
that format=php is affected. See the following URL for more details:
https://phabricator.wikimedia.org/T73478
Cheers,
--Seb
More information about the Pkg-mediawiki-devel
mailing list