Bug 114048 (CVE-2005-3165) - VUL-0: CVE-2005-3165: mediawiki neverending story (security release 1.4.9)
Summary: VUL-0: CVE-2005-3165: mediawiki neverending story (security release 1.4.9)
Status: RESOLVED FIXED
Alias: CVE-2005-3165
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-3165: CVSS v2 Base Score: 4....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-30 08:41 UTC by Petr Ostadal
Modified: 2021-11-03 15:32 UTC
0 users

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Petr Ostadal 2005-08-30 08:41:29 UTC
== MediaWiki 1.4.9 ==

(released 2005-08-29)

MediaWiki 1.4.9 is a security maintenance release. It corrects two cross-site
scripting security bugs:

* <math> tags were handled incorrectly when TeX rendering support is off,
  as in the default configuration.
* Extension or <nowiki> sections in Wiki table syntax could bypass HTML
  style attribute restrictions for cross-site scripting attacks against
  Microsoft Internet Explorer.

Wikis where the optional math support has been *enabled* are not vulnerable
to the first, but are vulnerable to the second.
Comment 1 Anna Maresova 2005-09-05 11:41:07 UTC
fixes submitted
Comment 2 Marcus Meissner 2005-09-12 08:37:15 UTC
released updated packages. thanks! 
Comment 3 Marcus Meissner 2005-10-07 14:31:46 UTC
CAN-2005-3165 
Comment 4 Thomas Biege 2009-10-13 21:09:11 UTC
CVE-2005-3165: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)