Author: jmm Date: 2012-08-31 08:31:36 +0000 (Fri, 31 Aug 2012) New Revision: 20062 Modified: data/CVE/list Log: new mediawiki issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-31 08:00:30 UTC (rev 20061) +++ data/CVE/list 2012-08-31 08:31:36 UTC (rev 20062) @@ -1,3 +1,22 @@ +CVE-2012-XXXX [mediawiki stored XSS] + - mediawiki <unfixed> (bug #686330) + [squeeze] - mediawiki <not-affected> (Introduced in 1.16) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700 +CVE-2012-XXXX [DOM-based XSS] + - mediawiki <unfixed> (bug #686330) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587 +CVE-2012-XXXX [CSRF] + - mediawiki <unfixed> (bug #686330) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180 +CVE-2012-XXXX [Insufficient API for account creation block] + - mediawiki <unfixed> (bug #686330) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824 +CVE-2012-XXXX [Passwords were stored in local DB even if auth systems like LDAP were used] + - mediawiki <unfixed> (bug #686330) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184 +CVE-2012-XXXX [Info leak in user blocks] + - mediawiki <unfixed> (bug #686330) + NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823 CVE-2012-XXXX - juju 0.5.1-2 (bug #685728) CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...)