CVE-2022-39194: An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. Unsure if this is in any release, not really sure how to work phabricator
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a7cc9d97b1a12cf5c6e6464f2349d7c9823230 commit 27a7cc9d97b1a12cf5c6e6464f2349d7c9823230 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2022-09-30 03:40:14 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2022-09-30 03:40:14 +0000 www-apps/mediawiki: bump to 1.37.6 Bug: https://bugs.gentoo.org/868141 Bug: https://bugs.gentoo.org/873385 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 + www-apps/mediawiki/mediawiki-1.37.6.ebuild | 86 ++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ebe28034a2a04865a9601f4b9356cbf4b211537 commit 5ebe28034a2a04865a9601f4b9356cbf4b211537 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2022-09-30 03:38:53 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2022-09-30 03:38:53 +0000 www-apps/mediawiki: bump to 1.38.4 Bug: https://bugs.gentoo.org/868141 Bug: https://bugs.gentoo.org/873385 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 + www-apps/mediawiki/mediawiki-1.38.4.ebuild | 86 ++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+)
Do we have any idea if patches for this issue made it into the releases?
(In reply to John Helmert III from comment #2) > Do we have any idea if patches for this issue made it into the releases? i was searching the installed sources of mediawiki and i found GrowthExperiments only in comments, so my conclusion is that this extension is not part of the standard distribution.
Ah, sorry! Totally missed that this only affected an extension.