Date: Sat, 2 Aug 2014 07:47:56 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Chris Steipp <csteipp@...imedia.org>
Cc: oss-security@...ts.openwall.com,
	CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: Possible CVE Request: MediaWiki Security and
 Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2

Hi Chris,

On Thu, Jul 31, 2014 at 01:17:33PM -0700, Chris Steipp wrote:
> On Thu, Jul 31, 2014 at 12:35 PM, Salvatore Bonaccorso
> <carnil@...ian.org> wrote:
> > Hi
> >
> > New Security and maintenance releases for mediawiki (1.19.18, 1.22.9
> > and 1.23.2) were released:
> >
> > http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
> >
> > From the announcement, three SECURITY tagged bugs were fixed.
> >
> > Have CVE assignments for those already been requested, or if not, could
> > you assign CVEs for these?
> 
> None have been requested or assigned.

Thanks for feedback (btw. should have Cc'ed you in advance on
this request).

> * (bug 68187) SECURITY: Prepend jsonp callback with comment.
> ** This was hardening against CVE-2014-4671, I don't think CVEs are
> being assigned for these?

No strong opinion here. There was at least CVE-2014-1546 assigned in
bugzilla for this
(https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1546). So a CVE
might also be assigned for this.

Regards,
Salvatore
