239342 – (CVE-2008-4408) www-apps/mediawiki <1.12.1 <1.13.2 XSS (CVE-2008-4408)

Bug 239342 (CVE-2008-4408) - www-apps/mediawiki <1.12.1 <1.13.2 XSS (CVE-2008-4408)

Summary: www-apps/mediawiki <1.12.1 <1.13.2 XSS (CVE-2008-4408)

Status:	RESOLVED FIXED

Alias:	CVE-2008-4408

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [ebuild]
Keywords:

Duplicates (1):	239488 (view as bug list)
Depends on:
Blocks:

Reported:	2008-10-02 16:19 UTC by Hanno Böck
Modified:	2008-10-06 18:15 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2008-10-02 16:19:03 UTC

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES

1.11.* is not affected, so we only need bumps for the ~-versions.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-10-04 02:12:16 UTC

*** Bug 239488 has been marked as a duplicate of this bug. ***

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2008-10-04 02:12:45 UTC

Impact: XSS

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers to
inject arbitrary web script or HTML via the useskin parameter to an
unspecified component.

Comment 3 Peter Volkov (RETIRED) gentoo-dev

2008-10-06 04:47:04 UTC

mediawiki 1.12.1 and 1.13.2 are in the tree. Affected versions removed. Done.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2008-10-06 14:43:18 UTC

thanks, closing then.