Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Jun 2014 17:03:33 -0700
From: Chris Steipp <csteipp@...imedia.org>
To: oss-security@...ts.openwall.com
Subject: Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1

Since the bug is public now
(http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html),
I didn't get a CVE in advance because I thought this was likely a
hardening fix. We couldn't find a way to exploit it to actually track
a user on our site. However, we kept it private until we released the
patch, since we weren't sure it couldn't be exploited on a wiki with
non-standard image handling.

On Wed, Jun 25, 2014 at 4:00 AM, Henri Salo <henri@...v.fi> wrote:
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000154.html
>
> """
> this is a notice that on Wednesday, June 25th, between 20:00-22:00 UTC we will
> release security and maintenance updates for all current and supported branches
> of the MediaWiki software. Downloads and patches will be available at that time.
> """
>
> I'm not sure if those vulnerabilities already have CVEs. I asked from Markus G.
>
> Also please note End of lifetime announcement for MediaWiki 1.21
> http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000153.html
>
> ---
> Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ