Bug 300220 (CVE-2009-4589) - <www-apps/mediawiki-{1.14.1,1.15.1} XSS in getContribsLink() (CVE-2009-4589)
Alias: CVE-2009-4589
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2010-01-08 20:39 UTC by Stefan Behte (RETIRED)
Modified: 2010-08-12 08:14 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-01-08 20:39:23 UTC
CVE-2009-4589:
  Cross-site scripting (XSS) vulnerability in the Special:Block
  implementation in the getContribsLink function in SpecialBlockip.php
  in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject
  arbitrary web script or HTML via the ip parameter.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:20:45 UTC
Package was already bumped, calling arches.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:22:03 UTC
Arches, please test and mark stable:
Target keywords : "amd64 ppc sparc x86"
Already stabled : "ppc"
Missing keywords: "amd64 sparc x86"

Target keywords : "amd64 ppc sparc x86"
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-05 12:28:56 UTC
x86 stable
Comment 4 Markus Meier gentoo-dev 2010-03-07 14:44:11 UTC
amd64 stable
Comment 5 Joe Jezak (RETIRED) gentoo-dev 2010-03-09 22:38:41 UTC
Marked ppc stable.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-03-14 19:21:31 UTC
sparc stable
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-12 08:14:03 UTC
+  12 Aug 2010; Alex Legler <> -mediawiki-1.11.2.ebuild,
+  -mediawiki-1.12.3.ebuild, -mediawiki-1.13.3.ebuild,
+  -mediawiki-1.13.5.ebuild, -mediawiki-1.14.0.ebuild,
+  -mediawiki-1.15.1.ebuild:
+  Non-maintainer commit: Removing vulnerable versions for bug 300220.
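Review bot: the removal list includes mediawiki-1.15.1.ebuild, but the summary of bug 300220 gives the affected range as <www-apps/mediawiki-{1.14.1,1.15.1}, which makes 1.15.1 a fixed version, so "Removing vulnerable versions for bug 300220" does not account for that removal. If 1.15.1 is being dropped because of a different issue, the entry should cite that bug as well; otherwise it should be left out of the list. The entry would also be easier to audit if it named the version that remains in the tree after the cleanup.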

Closing noglsa.