Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-0894: mediawiki full path disclosure
Product: Fedora Extras
"MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information
via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3)
MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the
installation path in the resulting error message."
1.8.3 (current FE6) in the CVE entry is not listed as vulnerable, don't know if
the omission is intentional. And whether installation path disclosure is an
issue with Fedora packages can also be debated, reporting here just in case
there's more to it.
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.