Summary: | <www-apps/mediawiki-1.36.1: allows blocked users to purge pages (CVE-2021-35197) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog, web-apps |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2WSJ5T2GJQIC45YEB26OGTJM6HKWHEP3/ | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | www-apps/mediawiki-1.36.1 | ||
Runtime testing required: | --- |
Description
John Helmert III
2021-06-22 22:29:50 UTC
Releases have been released: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/

* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.

Please bump.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4755537bbe8955c4228f76fe5a3e62835761d51

commit e4755537bbe8955c4228f76fe5a3e62835761d51
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-06-23 16:30:37 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-06-23 16:30:37 +0000

www-apps/mediawiki: bump to 1.36.1, dropped vulnerable 1.36.0

Bug: https://bugs.gentoo.org/797661
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-apps/mediawiki/Manifest | 2 +-
www-apps/mediawiki/{mediawiki-1.36.0.ebuild => mediawiki-1.36.1.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)

should be safe to stabilize.

ALLARCHES stable. Closing.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d5824b5bde90c1ad15875968c7a58c10919d4e2

commit 4d5824b5bde90c1ad15875968c7a58c10919d4e2
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-06-24 07:52:13 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-06-24 07:52:53 +0000

www-apps/mediawiki: removed obsolete 1.35.2

Bug: https://bugs.gentoo.org/797661
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-apps/mediawiki/Manifest | 1 -
www-apps/mediawiki/mediawiki-1.35.2.ebuild | 86 ------------------------------
2 files changed, 87 deletions(-)

Thank you fordfrog. GLSA request filed.

This issue was resolved and addressed in GLSA 202107-40 at https://security.gentoo.org/glsa/202107-40 by GLSA coordinator John Helmert III (ajak).