Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 99132 - www-apps/mediawiki-1.4.6 version/security bump
Summary: www-apps/mediawiki-1.4.6 version/security bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
URL: http://sourceforge.net/project/showno...
Whiteboard: B4 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-15 10:41 UTC by Daniel Webert
Modified: 2005-07-20 01:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Webert 2005-07-15 10:41:05 UTC
www-apps/mediawiki-1.4.6 version/security bump

1.4.6 released 2005-07-07: Stable series security and bugfix release

MediaWiki 1.4.6 is a bug fix and security update release.

Incorrect escaping of a parameter in the page move template could be used to inject JavaScript code by getting a victim to visit a maliciously constructed URL. Users of vulnerable releases are recommended to upgrade to this release.

Vulnerable versions:

    * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
    * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
    * 1.3 legacy series: not vulnerable

This release also includes fixes for some rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some template limitations introduced in 1.4.5.
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-15 13:40:06 UTC
www-apps please bump. 
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2005-07-15 14:24:24 UTC
trapni?
Comment 3 Sven Wegener gentoo-dev 2005-07-16 08:11:12 UTC
*mediawiki-1.4.7 (16 Jul 2005)

  16 Jul 2005; Christian Parpart <trapni@gentoo.org>
  +mediawiki-1.4.7.ebuild:
  version bump
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-16 11:17:19 UTC
Thx, this one is ready for GLSA vote. I tend to vote YES (prior GLSAs). 
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-17 11:50:18 UTC
agreed, 1/2 vote for a GLSA from me too
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-07-18 00:33:49 UTC
Go GLSA go
Comment 7 Christian Parpart (RETIRED) gentoo-dev 2005-07-19 06:00:34 UTC
arrrr! sorry, I missed you :) 
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-07-20 01:31:07 UTC
GLSA 200507-18