Hi Joey! Le Samedi 30 Juillet 2005 04:51, Joey Hess a écrit : > Note that a number of security holes have been found in mediawiki over > the last year. The latest one, CAN-2005-2396 is a cross-site-scripting > hole affecting version 1.4.6 and earlier. > (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2396) > > A few others include CAN-2005-1245, CAN-2005-0536, CAN-2005-0535, > CAN-2005-0534, CAN-2004-1405, CAN-2004-2152. Thank you for this warning. I've search for security holes there: http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mediawiki And it appears that all bugs that are known yet affect versions 1.4.6 and earlier, but the upstream we are actually working on is the 1.4.7, so it seems that for now we don't have to do anything on it. Romain -- You can fool some people sometimes, But you can't fool all the people all the time.
Description: PGP signature