Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-31 Thread Thorsten Glaser
cve-ass...@mitre.org dixit: See http://bugs.debian.org/696179 for details. Use CVE-2012-6453. Ok, thanks! Forwarding to all parties: this is DSA-2596-1 for mediawiki-extensions. bye, //mirabilos -- I want one of these. They cost 720 € though… good they don’t have the HD hole, which indicates

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-29 Thread Thorsten Glaser
On Wed, 26 Dec 2012, Jonathan Wiltshire wrote: Hello MITRE people, Did you hear anything about this yet? Nothing. They are probably on holidays or something. bye, //mirabilos -- «MyISAM tables -will- get corrupted eventually. This is a fact of life. » “mysql is about as much database as ms

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-26 Thread Jonathan Wiltshire
On Thu, Dec 20, 2012 at 10:37:22AM +0100, Thorsten Glaser wrote: On Wed, 19 Dec 2012, Giuseppe Iuculano wrote: On 17/12/2012 18:21, Jonathan Wiltshire wrote: [ Debian ] Security team: is it too late to get a CVE through you now that a public bug has been filed? And should a DSA be

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-20 Thread Thorsten Glaser
On Wed, 19 Dec 2012, Giuseppe Iuculano wrote: On 17/12/2012 18:21, Jonathan Wiltshire wrote: [ Debian ] Security team: is it too late to get a CVE through you now that a public bug has been filed? And should a DSA be prepared, as I have not looked but can be fairly sure this will affect

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-19 Thread Thorsten Glaser
Dixi quod… Of course, this will not work on the message body. I’ll look at Ok, it’s worse than I expected: when using “text” mode with desc=on, the body is also vulnerable but on the other hand, proper HTML is broken: ‣ <p>Will drive to a

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-19 Thread Giuseppe Iuculano
Hi, On 17/12/2012 18:21, Jonathan Wiltshire wrote: Security team: is it too late to get a CVE through you now that a public bug has been filed? And should a DSA be prepared, as I have not looked but can be fairly sure this will affect stable. yes, if it is public, we cannot assign a CVE. you

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Thorsten Glaser
On Mon, 17 Dec 2012, Jonathan Wiltshire wrote: At a quick glance this appears to affect upstream Can you confirm this Yes, it does. have you sought out a CVE number? No, I’ve got no idea how all this CVE stuff works. Do you volunteer, or one of the Mediawiki guys lurking here? Otherwise

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Thorsten Glaser
Dixi quod… I bet joeyh is amusing himself that the Yurt is good for something even after its dismantling ☺ And the most insulting of all is actually Planet Debian, the indirectly-guilty party: it displays the blogpost as &lt;/yurt&gt; so it escapes “too much” into the o̲t̲h̲e̲r̲

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Jonathan Wiltshire
Added security team to CC. On 2012-12-17 17:00, Thorsten Glaser wrote: On Mon, 17 Dec 2012, Jonathan Wiltshire wrote: At a quick glance this appears to affect upstream Can you confirm this Yes, it does. have you sought out a CVE number? No, I’ve got no idea how all this CVE stuff works.

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-17 Thread Thorsten Glaser
On Mon, 17 Dec 2012, Platonides wrote: http://www.mediawiki.org/wiki/Extension:RSS_Reader seems to live exclusively at the wiki page, instead of being at a repository. […] Just edit the page when fixing the bug. Oh, okay. I just did so. On Mon, 17 Dec 2012, Jonathan Wiltshire wrote: (for