I said that…

> On Mon, 17 Dec 2012, Jonathan Wiltshire wrote:
>
> > have you sought out a CVE
> > number?
>
> No, I’ve got no idea how all this CVE stuff works.
>
> Do you volunteer, or one of the Mediawiki guys lurking here?
> Otherwise I’d just open an entry in the MW bugtracker now,
> if extensions are tracked there, that is.

For CVE tracking, here’s a list of vulnerable software:

• FusionForge 5.1, 5.2 and trunk, but not 5.0 or below;
  commit f7b371af6f7576058971fd248a93dd864d5b1ce1 fix on
  Branch_5_1 confirmed to close this hole; will be merged
  into 5.2 and trunk later
  ⇒ Impact: low (<script> filtered)

• Tuleap, tested with version 5.7.99.9, possibly “all”,
  and possibly also Codendi (which is where Tuleap and
  FusionForge both have this widget from)
  ⇒ Impact: low (<script> filtered)

• MediaWiki RSS_Reader extension (fix tested, works)
  ⇒ Impact: high (<script> *not* filtered)

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Boris Esser, Sebastian Mancke