Bug 300220 (CVE-2009-4589) - <www-apps/mediawiki-{1.14.1,1.15.1} XSS in getContribsLink() (CVE-2009-4589)
Summary: <www-apps/mediawiki-{1.14.1,1.15.1} XSS in getContribsLink() (CVE-2009-4589)
Status: RESOLVED FIXED
Alias: CVE-2009-4589
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://bugzilla.wikimedia.org/show_b...
Whiteboard: B3 [noglsa]
Reported: 2010-01-08 20:39 UTC by Stefan Behte (RETIRED)
Modified: 2010-08-12 08:14 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-01-08 20:39:23 UTC
CVE-2009-4589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4589):
  Cross-site scripting (XSS) vulnerability in the Special:Block
  implementation in the getContribsLink function in SpecialBlockip.php
  in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject
  arbitrary web script or HTML via the ip parameter.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:20:45 UTC
Package was already bumped, calling arches.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:22:03 UTC
Arches, please test and mark stable:
=www-apps/mediawiki-1.14.1
Target keywords : "amd64 ppc sparc x86"
Already stabled : "ppc"
Missing keywords: "amd64 sparc x86"

=www-apps/mediawiki-1.15.1
Target keywords : "amd64 ppc sparc x86"
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-05 12:28:56 UTC
x86 stable
Comment 4 Markus Meier gentoo-dev 2010-03-07 14:44:11 UTC
amd64 stable
Comment 5 Joe Jezak (RETIRED) gentoo-dev 2010-03-09 22:38:41 UTC
Marked ppc stable.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-03-14 19:21:31 UTC
sparc stable
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-12 08:14:03 UTC
+  12 Aug 2010; Alex Legler <a3li@gentoo.org> -mediawiki-1.11.2.ebuild,
+  -mediawiki-1.12.3.ebuild, -mediawiki-1.13.3.ebuild,
+  -mediawiki-1.13.5.ebuild, -mediawiki-1.14.0.ebuild,
+  -mediawiki-1.15.1.ebuild:
+  Non-maintainer commit: Removing vulnerable versions for bug 300220.
+
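Review bot: the removal list in this ChangeLog entry includes -mediawiki-1.15.1.ebuild, but this bug's summary (<www-apps/mediawiki-{1.14.1,1.15.1}) names 1.15.1 as a fixed version and comment 2 requested it for stabilization. If 1.15.1 is being dropped because of a different issue, the entry should reference that bug as well; as written, "Removing vulnerable versions for bug 300220" does not match that file.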

Closing noglsa.