
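--- a/vuln.xml
+++ b/vuln.xml
@@ -58,6 +58,51 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6241b5df-42a1-11e5-93ad-002590263bf5">
+    <topic>mediawiki -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mediawiki123</name>
+	<range><lt>1.23.10</lt></range>
+      </package>
+      <package>
+	<name>mediawiki124</name>
+	<range><lt>1.24.3</lt></range>
+      </package>
+      <package>
+	<name>mediawiki125</name>
+	<range><lt>1.25.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MediaWiki reports:</p>
+	<blockquote cite="https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html">
+	  <p>Internal review discovered that Special:DeletedContributions did
+	    not properly protect the IP of autoblocked users. This fix makes
+	    the functionality of Special:DeletedContributions consistent with
+	    Special:Contributions and Special:BlockList.</p>
+	  <p>Internal review discovered that watchlist anti-csrf tokens were not
+	    being compared in constant time, which could allow various timing
+	    attacks. This could allow an attacker to modify a user's watchlist
+	    via csrf</p>
+	  <p>John Menerick reported that MediaWiki's thumb.php failed to sanitize
+	    various error messages, resulting in xss.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html</url>
+      <url>https://phabricator.wikimedia.org/T106893</url>
+      <url>https://phabricator.wikimedia.org/T94116</url>
+      <url>https://phabricator.wikimedia.org/T97391</url>
+    </references>
+    <dates>
+      <discovery>2015-08-10</discovery>
+      <entry>2015-08-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0c2c4d84-42a2-11e5-9daa-14dae9d210b8">
     <topic>freeradius3 -- insufficient validation on packets</topic>
     <affects>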
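Review bot: The new mediawiki entry's `<references>` block carries only `<url>` elements, so anything that matches VuXML entries by CVE identifier has no key to correlate this advisory with. The page shows no CVE ids; if any have been assigned for the three issues, add one line per id in the form `<cvename>CVE-YYYY-NNNNN</cvename>` (placeholder, not a real id) next to the existing URLs. Each `<range>` gives only an upper bound (`<lt>1.23.10</lt>`, `<lt>1.24.3</lt>`, `<lt>1.25.2</lt>`), which matches every earlier version of that package name; that looks intended for per-branch ports, but it is worth confirming that no other mediawiki package name needs listing under `<affects>`.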
