1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Candidate: CVE-2015-2932
PublicDate: 2015-04-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2932
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
http://www.openwall.com/lists/oss-security/2015/04/01/1
Description:
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before
1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject
arbitrary web script or HTML via an animated href XLink element.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_mediawiki:
upstream_mediawiki: released (1:1.19.20+dfsg-2.3)
lucid_mediawiki: ignored (reached end-of-life)
precise_mediawiki: ignored (reached end-of-life)
precise/esm_mediawiki: DNE (precise was needed)
trusty_mediawiki: needed
utopic_mediawiki: ignored (reached end-of-life)
vivid_mediawiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_mediawiki: DNE
vivid/ubuntu-core_mediawiki: DNE
wily_mediawiki: ignored (reached end-of-life)
xenial_mediawiki: DNE
yakkety_mediawiki: ignored (reached end-of-life)
zesty_mediawiki: needed
devel_mediawiki: needed
|