MGASA-2013-0368

Source
https://advisories.mageia.org/MGASA-2013-0368.html
Import Source
https://advisories.mageia.org/MGASA-2013-0368.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2013-0368
Related
Published
2013-12-12T22:21:01Z
Modified
2013-12-12T22:20:38Z
Summary
Updated mediawiki packages fix security vulnerabilities
Details

Updated mediawiki packages fix security vulnerabilities:

Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568).

Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users (CVE-2013-4572).

References
Credits

Affected packages

Mageia:3 / mediawiki

Package

Name
mediawiki
Purl
pkg:rpm/mageia/mediawiki?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.8-1.mga3

Ecosystem specific

{
    "section": "core"
}