thr3ads.net - Secure testing team - [Secure-testing-team] Bug#677895: CVE-2012-2698: unescaped lang and dir [Jun 2012]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Luk Claes

2012-Jun-17 15:01 UTC

[Secure-testing-team] Bug#677895: CVE-2012-2698: unescaped lang and dir

Package: mediawiki
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediawiki.

CVE-2012-2698

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For a patch see:

https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
https://gerrit.wikimedia.org/r/#/c/7979/

Note that for older versions you might need to use lang and dir instead
of userlang and userdir.

For further information see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2698
http://security-tracker.debian.org/tracker/CVE-2012-2698

Cheers

Luk

Secure testing team - Jun 2012 - Bug#677895: CVE-2012-2698: unescaped lang and dir

[Secure-testing-team] Bug#677895: CVE-2012-2698: unescaped lang and dir