Ubuntu
mediawiki package

  1. Bug #290015
  2. Comment #5

Comment 5 for bug 290015

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mediawiki - 1:1.12.0-2ubuntu0.1

---------------
mediawiki (1:1.12.0-2ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE:
     Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
     and possibly other versions before 1.13.2 allows remote attackers
     to inject arbitrary web script or HTML via the useskin parameter
     to an unspecified component. (LP: #290015)
     - debian/patches/CVE-2008-4408.patch: Address XSS vulnerability. Based on
       upstream/Debian patch.
     - CVE-2008-4408
     - http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=41540
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115

 -- Iain Lane <email address hidden> Mon, 27 Oct 2008 19:27:33 +0000