Bug#: 80729
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>

Description:   Opened: 2005-02-04 08:24 0000
I know that version 1.3.10 is already in portage, but there is also the 1.3.9
version

----------------------
Description:
A vulnerability has been reported in MediaWiki, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Some unspecified input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of a vulnerable site.

Successful exploitation requires user to be authenticated.

Solution:
Update to version 1.3.10.
http://sourceforge.net/project/showfiles.php?group_id=34373

------- Comment #1 From Thierry Carrez (RETIRED) 2005-02-04 08:28:48 0000 -------
InCVS and ready to fly. Security, please vote on GLSA need.
"Successful exploitation requires user to be authenticated." --> I vote NO.

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-02-04 09:25:02 0000 -------
I vote NO.

web-apps please remove old vulnerable ebuilds.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-02-28 12:58:58 0000 -------
done in GLSA 200502-33
