This bug was fixed in the package mediawiki - 1:1.11.2-2ubuntu0.1
---------------
mediawiki (1:1.11.2-2ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE:
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,
and possibly other versions before 1.13.2 allows remote attackers
to inject arbitrary web script or HTML via the useskin parameter
to an unspecified component. (LP: #290015)
- debian/patches/CVE-2008-4408.patch: Address XSS vulnerability. Based on
upstream/Debian patch.
- CVE-2008-4408
- http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=41540
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115
-- Iain Lane <[EMAIL PROTECTED]> Mon, 27 Oct 2008 20:17:44 +0000
--
[CVE-2008-4408] XSS attack vulnerability
https://bugs.launchpad.net/bugs/290015
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
