Package: mediawiki Version: 1:1.7 Severity: grave Tags: security patch Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for mediawiki. [0]: > * A local script injection vulnerability affecting Internet Explorer > clients for all MediaWiki installations with uploads enabled. > [CVE-2008-5250] > * A local script injection vulnerability affecting clients with SVG > scripting capability (such as Firefox 1.5+), for all MediaWiki > installations with SVG uploads enabled. [CVE-2008-5250] A patch fixing this and other issues can be found at [0]. If you fix the vulnerability please also make sure to include the CVE id in the changelog entry. [0]http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5250 http://security-tracker.debian.net/tracker/CVE-2008-5250 Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
