Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 80140

Summary: mediawiki upstream 1.3.9 contains security fix , not in portage
Product: Gentoo Security Reporter: Kevin Bryan <TenToThe8th>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: trapni
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Kevin Bryan 2005-01-30 15:34:33 UTC
From http://wikipedia.sourceforge.net/:
1.3.9 released 2004-12-12 New stable release
mediawiki-1.3.9.tar.gz

MediaWiki 1.3.9 is a security and bug fix release.

A flaw in upload handling has been found which may allow upload and execution of arbitrary scripts with the permissions of the web server. Only wikis that have enabled uploads and have a vulnerable Apache configuration will be affected, but to be safe all wikis should upgrade.

Wikis with uploads available should either disable uploads or upgrade to 1.3.9 immediately; if other files are customized and require merging changes, includes/SpecialUpload.php may be replaced individually to add the fix.

Reproducible: Always
Steps to Reproduce:
Comment 1 Kevin Bryan 2005-01-30 17:20:29 UTC
Sorry, it is, in fact, in portage, even as stable.