Bug#217571: security note

To: Joey Hess <joeyh@debian.org>, 217571@bugs.debian.org
Cc: 276057@bugs.debian.org, pkg-mediawiki-devel@lists.alioth.debian.org
Subject: Bug#217571: security note
From: Romain Beauxis <toots@rastageeks.org>
Date: Sat, 30 Jul 2005 11:23:47 +0200
Message-id: <[🔎] 200507301123.57332.toots@rastageeks.org>
Reply-to: Romain Beauxis <toots@rastageeks.org>, 217571@bugs.debian.org
In-reply-to: <[🔎] 20050730025102.GA3737@kitenet.net>
References: <[🔎] 20050730025102.GA3737@kitenet.net>

	Hi Joey!

Le Samedi 30 Juillet 2005 04:51, Joey Hess a écrit :
> Note that a number of security holes have been found in mediawiki over
> the last year. The latest one, CAN-2005-2396 is a cross-site-scripting
> hole affecting version 1.4.6 and earlier.
> (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2396)
>
> A few others include CAN-2005-1245, CAN-2005-0536, CAN-2005-0535,
> CAN-2005-0534, CAN-2004-1405, CAN-2004-2152.

Thank you for this warning.
I've search for security holes there: 
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mediawiki
And it appears that all bugs that are known yet affect versions 1.4.6 and 
earlier, but the upstream we are actually working on is the 1.4.7, so it 
seems that for now we don't have to do anything on it.


Romain 

-- 
   You can fool some people sometimes,
   But you can't fool all the people all the time.

Attachment: pgppdAmUWU6o1.pgp
Description: PGP signature

Reply to:

References:
- Bug#276057: security note
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#195813: Have a good one.
Next by Date: Bug#320492: Differences between dhcp3-relay and dhcp-helper.
Previous by thread: Bug#276057: security note
Next by thread: Bug#320492: Differences between dhcp3-relay and dhcp-helper.
Index(es):
- Date
- Thread