← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to active/CVE-2015-6729

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
active/CVE-2015-6729
1
 
Candidate: CVE-2015-6729
2
 
PublicDate: 2015-09-01
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6729
5
 
 https://phabricator.wikimedia.org/T97391
6
 
 http://www.openwall.com/lists/oss-security/2015/08/27
7
 
Description:
8
 
 Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before
9
 
 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote
10
 
 attackers to inject arbitrary web script or HTML via the rel404 parameter,
11
 
 which is not properly handled in an error page.
12
 
Ubuntu-Description:
13
 
Notes:
14
 
Bugs:
15
 
Priority: medium
16
 
Discovered-by: John Menerick
17
 
Assigned-to:
18
 
 
19
 
Patches_mediawiki:
20
 
 upstream: https://phab.wmfusercontent.org/file/data/zm24swymokh5ac5bqsms/PHID-FILE-n2jrbxtlmei74wxmvbsa/T97391.patch
21
 
upstream_mediawiki: needed
22
 
precise_mediawiki: ignored (reached end-of-life)
23
 
precise/esm_mediawiki: DNE (precise was needed)
24
 
trusty_mediawiki: needed
25
 
vivid_mediawiki: ignored (reached end-of-life)
26
 
vivid/stable-phone-overlay_mediawiki: DNE
27
 
vivid/ubuntu-core_mediawiki: DNE
28
 
wily_mediawiki: ignored (reached end-of-life)
29
 
xenial_mediawiki: DNE
30
 
yakkety_mediawiki: ignored (reached end-of-life)
31
 
zesty_mediawiki: ignored (reached end-of-life)
32
 
artful_mediawiki: needed
33
 
bionic_mediawiki: needed
34
 
devel_mediawiki: needed