[Secure-testing-commits] r23555 - data/CVE
Luciano Bello
luciano at alioth.debian.org
Thu Sep 5 07:20:32 UTC 2013
Author: luciano
Date: 2013-09-05 07:20:32 +0000 (Thu, 05 Sep 2013)
New Revision: 23555
Modified:
data/CVE/list
Log:
more info on mediawiki issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-05 07:05:30 UTC (rev 23554)
+++ data/CVE/list 2013-09-05 07:20:32 UTC (rev 23555)
@@ -2937,20 +2937,24 @@
RESERVED
- mediawiki-extensions <unfixed>
TODO: check
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
CVE-2013-4304 [mediawiki CentralAuth auth bypass]
RESERVED
NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 [mediawiki XSS with IE6]
RESERVED
- mediawiki <unfixed> (unimportant)
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 [mediawiki anti CSRF modules could be accessed via JSON]
RESERVED
- mediawiki <unfixed>
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
CVE-2013-4301 [mediawiki full path disclosure]
RESERVED
- mediawiki <unfixed> (unimportant)
NOTE: Full path disclosure irrelevant in Debian
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
CVE-2013-4300
RESERVED
- linux <unfixed>
More information about the Secure-testing-commits
mailing list