Date: Sat, 2 Aug 2014 07:47:56 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Chris Steipp <csteipp@...imedia.org>
Cc: oss-security@...ts.openwall.com, CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2

Hi Chris,

On Thu, Jul 31, 2014 at 01:17:33PM -0700, Chris Steipp wrote:
> On Thu, Jul 31, 2014 at 12:35 PM, Salvatore Bonaccorso
> <carnil@...ian.org> wrote:
> > Hi
> >
> > New Security and maintenance releases for mediawiki (1.19.18, 1.22.9
> > and 1.23.2) were released:
> >
> > http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
> >
> > From the announcement, three SECURITY tagged bugs were fixed.
> >
> > Are CVE assignments for those already been requested, or if not, could
> > you assign CVEs for these?
>
> None have been requested or assigned.

Thanks for feedback (btw. should have Cc'ed you in advance on this
request).

> * (bug 68187) SECURITY: Prepend jsonp callback with comment.
> ** This was hardening against CVE-2014-4671, I don't think CVEs are
> being assigned for these?

No strong opinion here. There was at last CVE-2014-1546 assigned in
bugzilla for this
(https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1546). So a CVE
might also be assigned for this.

Regards,
Salvatore