Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763 Summary: CVE-2007-0894: mediawiki full path disclosure Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: normal Component: mediawiki AssignedTo: Axel.Thimm@xxxxxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: fedora-security- list@xxxxxxxxxx,fedora@xxxxxxxxxxxxxxxx,roozbeh@farsiweb .info http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0894 "MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message." 1.8.3 (current FE6) in the CVE entry is not listed as vulnerable, don't know if the omission is intentional. And whether installation path disclosure is an issue with Fedora packages can also be debated, reporting here just in case there's more to it. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
