[Secure-testing-commits] r23558 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Thu Sep 5 17:33:18 UTC 2013
Author: carnil
Date: 2013-09-05 17:33:18 +0000 (Thu, 05 Sep 2013)
New Revision: 23558
Modified:
data/CVE/list
Log:
Add fixed version for mediawiki issues CVE-2013-{4301,4302,4303}
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-05 11:20:16 UTC (rev 23557)
+++ data/CVE/list 2013-09-05 17:33:18 UTC (rev 23558)
@@ -2943,16 +2943,16 @@
NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 [mediawiki XSS with IE6]
RESERVED
- - mediawiki <unfixed> (unimportant)
+ - mediawiki 1:1.19.8+dfsg-1 (unimportant)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 [mediawiki anti CSRF modules could be accessed via JSON]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.19.8+dfsg-1
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
CVE-2013-4301 [mediawiki full path disclosure]
RESERVED
- - mediawiki <unfixed> (unimportant)
+ - mediawiki 1:1.19.8+dfsg-1 (unimportant)
NOTE: Full path disclosure irrelevant in Debian
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
CVE-2013-4300
More information about the Secure-testing-commits
mailing list