[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability
Launchpad Bug Tracker
290015 at bugs.launchpad.net
Thu Nov 27 13:54:25 UTC 2008
This bug was fixed in the package mediawiki - 1:1.12.0-2ubuntu0.1
---------------
mediawiki (1:1.12.0-2ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE:
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers
to inject arbitrary web script or HTML via the useskin parameter
to an unspecified component. (LP: #290015)
- debian/patches/CVE-2008-4408.patch: Address XSS vulnerability. Based on
upstream/Debian patch.
- CVE-2008-4408
- http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=41540
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115
-- Iain Lane <laney at ubuntu.com> Mon, 27 Oct 2008 19:27:33 +0000
** Changed in: mediawiki (Ubuntu Intrepid)
Status: In Progress => Fix Released
** Changed in: mediawiki (Ubuntu Hardy)
Status: In Progress => Fix Released
--
[CVE-2008-4408] XSS attack vulnerability
https://bugs.launchpad.net/bugs/290015
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list