[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-11-27 Thread Jamie Strandboge
Marking Invalid as Jaunty's version (1:1.13.2-1) has the fix. ** Changed in: mediawiki (Ubuntu) Status: New => Invalid -- [CVE-2008-4408] XSS attack vulnerability https://bugs.launchpad.net/bugs/290015 You received this bug notification because you are a member of Ubuntu Bugs, which is su

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-11-27 Thread Launchpad Bug Tracker
This bug was fixed in the package mediawiki - 1:1.11.2-2ubuntu0.1 --- mediawiki (1:1.11.2-2ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remot

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-11-27 Thread Launchpad Bug Tracker
This bug was fixed in the package mediawiki - 1:1.12.0-2ubuntu0.1 --- mediawiki (1:1.12.0-2ubuntu0.1) intrepid-security; urgency=low * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows re

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-11-26 Thread Jamie Strandboge
Thanks for your patches! Your intrepid debdiff had a typo in the distribution name, but in the interest of time, I have fixed it and am uploading. -- [CVE-2008-4408] XSS attack vulnerability https://bugs.launchpad.net/bugs/290015 You received this bug notification because you are a member of Ubun

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-11-04 Thread Jamie Strandboge
** Changed in: mediawiki (Ubuntu Hardy) Assignee: (unassigned) => Iain Lane (laney) Status: New => In Progress ** Changed in: mediawiki (Ubuntu Intrepid) Status: New => In Progress ** Changed in: mediawiki (Ubuntu Intrepid) Assignee: (unassigned) => Iain Lane (laney) --

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-10-27 Thread Iain Lane
I don't have an exploit for this, I'm afraid. Tested in Hardy and Intrepid both before and after by creating and updating wikipages, performing various administrative tasks and editing user settings (including skin previews, which is the feature that these patches touch). All seemed to work fine.

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-10-27 Thread Iain Lane
** Attachment added: "mediawiki-xss-intrepid-security.debdiff" http://launchpadlibrarian.net/18953357/mediawiki-xss-intrepid-security.debdiff -- [CVE-2008-4408] XSS attack vulnerability https://bugs.launchpad.net/bugs/290015 You received this bug notification because you are a member of Ubun

[Bug 290015] Re: [CVE-2008-4408] XSS attack vulnerability

2008-10-27 Thread Iain Lane
** Attachment added: "mediawiki-xss-hardy-security.debdiff" http://launchpadlibrarian.net/18953348/mediawiki-xss-hardy-security.debdiff -- [CVE-2008-4408] XSS attack vulnerability https://bugs.launchpad.net/bugs/290015 You received this bug notification because you are a member of Ubuntu Bugs