Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 212170 - www-apps/mediawiki < 1.11.2 Multiple issues (CVE-2008-1318)
Summary: www-apps/mediawiki < 1.11.2 Multiple issues (CVE-2008-1318)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://lists.wikimedia.org/pipermail/...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-03 10:42 UTC by Hanno Böck
Modified: 2008-03-15 14:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-03-03 10:42:35 UTC 
Cite release announcement:
"MediaWiki 1.11.2 is a security release of the Fall 2007 snapshot release
of MediaWiki. Possible cross-site information leaks using the callback
parameter for JSON-formatted results in the API are prevented by
dropping user credentials."
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2008-03-03 13:28:40 UTC 
in cvs, ready for stabilization
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-03-03 18:10:42 UTC 
=www-apps/mediawiki-1.11.2
Target keywords : "amd64 ppc release sparc x86"
Comment 3 Markus Meier gentoo-dev 2008-03-03 18:35:11 UTC 
x86 stable
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2008-03-04 10:53:26 UTC 
sparc stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-04 20:56:35 UTC 
ppc stable
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2008-03-08 19:37:39 UTC 
amd64 stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-03-09 10:20:07 UTC 
Fixed in release snapshot.
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-11 17:16:20 UTC 
All done, ready for vote.

I vote NO.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-11 21:40:28 UTC 
NO too, closing.