Bug#: 99132
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Daniel Webert <rockoo@gmail.com>


Description:   Opened: 2005-07-15 10:41 0000
www-apps/mediawiki-1.4.6 version/security bump

1.4.6 released 2005-07-07: Stable series security and bugfix release

MediaWiki 1.4.6 is a bug fix and security update release.

Incorrect escaping of a parameter in the page move template could be used to inject JavaScript code by getting a victim to visit a maliciously constructed URL. Users of vulnerable releases are recommended to upgrade to this release.

Vulnerable versions:

    * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
    * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
    * 1.3 legacy series: not vulnerable

This release also includes fixes for some rare but annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some template limitations introduced in 1.4.5.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-07-15 13:40:06 0000 -------
www-apps please bump. 

------- Comment #2 From Renat Lumpau 2005-07-15 14:24:24 0000 -------
trapni?

------- Comment #3 From Sven Wegener 2005-07-16 08:11:12 0000 -------
*mediawiki-1.4.7 (16 Jul 2005)

  16 Jul 2005; Christian Parpart <trapni@gentoo.org>
  +mediawiki-1.4.7.ebuild:
  version bump

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-07-16 11:17:19 0000 -------
Thx, this one is ready for GLSA vote. I tend to vote YES (prior GLSAs). 

------- Comment #5 From Matthias Geerdsen 2005-07-17 11:50:18 0000 -------
agreed, 1/2 vote for a GLSA from me too

------- Comment #6 From Thierry Carrez (RETIRED) 2005-07-18 00:33:49 0000 -------
Go GLSA go

------- Comment #7 From Christian Parpart 2005-07-19 06:00:34 0000 -------
arrrr! sorry, I missed you :) 

------- Comment #8 From Thierry Carrez (RETIRED) 2005-07-20 01:31:07 0000 -------
GLSA 200507-18
