[Bug 228763] New: CVE-2007-0894: mediawiki full path disclosure

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763

           Summary: CVE-2007-0894: mediawiki full path disclosure
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: normal
         Component: mediawiki
        AssignedTo: Axel.Thimm at ATrpms.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-
                    list at redhat.com,fedora at theholbrooks.org,roozbeh at farsiweb
                    .info


http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0894

"MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information
via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3)
MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the
installation path in the resulting error message."

1.8.3 (current FE6) in the CVE entry is not listed as vulnerable, don't know if
the omission is intentional.  And whether installation path disclosure is an
issue with Fedora packages can also be debated, reporting here just in case
there's more to it.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.