I have been cleaning a lot of mediawiki stuff today and I read this ... the ebuild is already online. fixing this problem: http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-July/000050.html Do what you want, It's fixed, it is more to advertise to people who installed the 1.6.x series and would not know about it.
web-apps please advise.
145613 is a duplicate of this close the one that is not making sense. the secure or the non secure. My appoligy for creating 2 bugs.
*** Bug 145613 has been marked as a duplicate of this bug. ***
It seems this vulnerability is probably not relevent on the default way gentoo compiles php. I'd like others to confirm that as I am not a php guru.
"Only versions and configurations of PHP vulnerable to the $GLOBALS overwrite vulnerability are affected." our default configuration is safe. Thus, this should be fixed but with no glsa, and this is really not critical. I don't know if the 1.5 branch is affected. Our latest stable version is 1.5.8. web-apps, please could you check this, thanks.
1.5.8 should not be affected by this problem as per the mediawiki webpage. 1.6.8 is already released as testing (before even this bug was filed) All vulnerable versions have been removed from the tree Let's close this bug and call it a day, unless someone can say 1.5.8 is vulnerable.
OK guys can we close this ? 1.6.8 is now stable, php5 of gentoo is not affected.. let's close this.
closing without GLSA since the affected packages were all marked unstable at that time, correct me if I am wrong there