Candidate: CVE-2013-4301
PublicDate: 2013-10-27 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4301
 https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
Description:
 includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x
 before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote
 attackers to obtain sensitive information via a "<" (open angle bracket)
 character in the lang parameter to w/load.php, which reveals the
 installation path in an error message.
Ubuntu-Description:
Notes:
 mdeslaur> ubuntu packages have fixed paths. ignoring.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mediawiki:
upstream_mediawiki: released (1:1.19.8+dfsg-1)
lucid_mediawiki: ignored
precise_mediawiki: ignored
quantal_mediawiki: ignored
raring_mediawiki: ignored
devel_mediawiki: ignored