Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 114582 - =www-apps/mediawiki-1.5*: possible remote code execution
Summary: =www-apps/mediawiki-1.5*: possible remote code execution
Status: RESOLVED DUPLICATE of bug 114581
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-05 16:58 UTC by Carsten Lohrke (RETIRED)
Modified: 2005-12-05 23:25 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2005-12-05 16:58:56 UTC 
== MediaWiki 1.5.3 ==

December 4, 2005

MediaWiki 1.5.3 is a security and bugfix maintenance release.

Validation of the user language option was broken by a code change in
May 2005, opening the possibility of remote code execution as this
parameter is used in forming a class name dynamically created with
eval().

The validation has been corrected in this version. All prior 1.5 release
and prelease versions are affected; 1.4 and earlier and not affected.

Additionally several bugs have been fixed; see the changelog later in
this file for a complete list.

http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=375755
Comment 1 Christian Parpart (RETIRED) gentoo-dev 2005-12-05 22:45:53 UTC 
version bumped to 1.5.3 (that includes a fix).  
old/sick versions cleaned up in one go. 
 
security shall close this bug when they feel comfortable now :o) 
 
greetings.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-05 23:25:55 UTC 
Mmm I feel comfortable now. 

*** This bug has been marked as a duplicate of 114581 ***