CVE-2013-6453
Published: 12 May 2014
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [1:1.19.11+dfsg-1])
|
|
upstream |
Released
(1:1.19.10+dfsg-1)
|
|
utopic |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
vivid |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
wily |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
xenial |
Does not exist
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
Patches: upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14267 (1.19) upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14268 (1.21) upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14269 (1.22) |