Bug 114048 (CVE-2005-3165)

Summary: VUL-0: CVE-2005-3165: mediawiki neverending story (security release 1.4.9)
Product: [Novell Products] SUSE Security Incidents
Reporter: Petr Ostadal <postadal>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-3165: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Petr Ostadal 2005-08-30 08:41:29 UTC
== MediaWiki 1.4.9 ==

(released 2005-08-29)

MediaWiki 1.4.9 is a security maintenance release. It corrects two cross-site
scripting security bugs:

* <math> tags were handled incorrectly when TeX rendering support is off,
  as in the default configuration.
* Extension or <nowiki> sections in Wiki table syntax could bypass HTML
  style attribute restrictions for cross-site scripting attacks against
  Microsoft Internet Explorer

Wikis where the optional math support has been *enabled* are not vulnerable
to the first, but are vulnerable to the second.
Comment 1 Anna Maresova 2005-09-05 11:41:07 UTC
fixes submitted
Comment 2 Marcus Meissner 2005-09-12 08:37:15 UTC
released updated packages. thanks! 
Comment 3 Marcus Meissner 2005-10-07 14:31:46 UTC
CAN-2005-3165 
Comment 4 Thomas Biege 2009-10-13 21:09:11 UTC
CVE-2005-3165: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)