| Summary: | www-apps/mediawiki-1.6.x (x<7) : XSS vuln | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | tchiwam, trapni |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://secunia.com/advisories/20458/ | ||
| Whiteboard: | ~4 [noglsa] Falco | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Raphael Marichez (Falco) (RETIRED)
2006-06-07 03:12:03 UTC
If we quote their own text, "The vulnerability has been reported in versions 1.6.0 through 1.6.6." Anytest we could do to verify this ? I will create the new ebuild within the next 8 hours. Interesting enough, it works again with a simple version bump... problem is I cannot find an MD5 from their site to confirm it is the right one I downloaded. I don't know if this something we should complain about? Anyway 1.6.7 is in the world of Gentoo. I am quite sure it is the right one. thanks again for the fastness, it's really great :) . I let your team check if everything is right. >>> Emerging (1 of 1) www-apps/mediawiki-1.6.7 to /
>>> checking ebuild checksums ;-)
>>> checking auxfile checksums ;-)
>>> checking miscfile checksums ;-)
>>> checking mediawiki-1.6.7.tar.gz
!!! Digest verification failed:
!!! /usr/portage/distfiles/mediawiki-1.6.7.tar.gz
!!! Reason: Filesize does not match recorded size
!!! Got: 2728980
!!! Expected: 12208
For some reason, I installed the right tar ball, but my overlay got the webpage linking to it. Commited and it should be fixed with the right file. |