134115 – www-apps/mediawiki-1.6.x (x<6) : XSS vuln

Bug 134115 - www-apps/mediawiki-1.6.x (x<6) : XSS vuln

Summary: www-apps/mediawiki-1.6.x (x<6) : XSS vuln

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://bugzilla.wikimedia.org/show_bu...
Whiteboard:	B4 [noglsa] Falco
Keywords:

Depends on:
Blocks:

Reported:	2006-05-23 07:48 UTC by Raphael Marichez (Falco) (RETIRED)
Modified:	2006-05-30 00:26 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-05-23 07:48:26 UTC

XSS vuln in the 1.6.x branch, <1.6.6

There will be no GLSA since 1.6.x is still ~arched.

1.6.6 is available http://www.mediawiki.org/wiki/Download. Trapni, Tchiwam, please provide a new ebuild :)

Comment 1 Philippe Trottier (RETIRED) gentoo-dev

2006-05-23 08:49:29 UTC

I can take this, seems to be only an ebuild rename.

Comment 2 Philippe Trottier (RETIRED) gentoo-dev

2006-05-23 08:57:47 UTC

commited ebuild mediawiki-1.6.6.ebuild, I will leave trapni to close the bug as he commited the 1.6.x and he might know more than me. After testing and reading around  I can't find why this would not be as good as the previous ebuild.

Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-05-23 11:00:05 UTC

thanks tchiwam !

it's the sec-team job to close security bugs. Since the ebuild is commited, i close the bug. Feel free to reopen if any trouble.

Comment 4 Christian Parpart (RETIRED) gentoo-dev

2006-05-30 00:26:35 UTC

thanks philippe