Bug 445065 (CVE-2012-5391) - <www-apps/mediawiki-1.19.3: Security Bypass Vulnerabilities (CVE-2012-5391)
Summary: <www-apps/mediawiki-1.19.3: Security Bypass Vulnerabilities (CVE-2012-5391)
Status: RESOLVED FIXED
Alias: CVE-2012-5391
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51424/
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-28 11:41 UTC by Agostino Sarubbo
Modified: 2012-12-10 19:00 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2012-11-28 11:41:05 UTC
From https://secunia.com/advisories/51424/ :

Description
Multiple vulnerabilities have been reported in MediaWiki, which can be exploited by malicious users 
and malicious people to bypass certain security restrictions.

1) Some unspecified errors can be exploited to gain access to another user's account.

2) An unspecified error can be exploited to prevent access to e.g. the "Special:RecentChanges" 
page.

The vulnerabilities are reported in versions prior to 1.18.6, 1.19.3, and 1.20.1.


Solution
Versions 1.18.6, 1.19.3, and 1.20.1 are scheduled to be released on November 29th, 2012 between 21:00-22:00 UTC.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000121.html
Comment 1 Tim Harder gentoo-dev 2012-11-30 04:38:07 UTC
Security bumps added to CVS. Feel free to stabilize 1.19.3.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-01 14:15:16 UTC
(In reply to comment #1)
> Security bumps added to CVS. Feel free to stabilize 1.19.3.

Thanks, Tim.

Arches, please test and mark stable:
=www-apps/mediawiki-1.19.3
Target KEYWORDS: "amd64 ppc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-12-01 21:26:33 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-12-02 15:42:33 UTC
ppc stable
Comment 5 Andreas Schürch gentoo-dev 2012-12-03 13:10:47 UTC
x86 done, last arch.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-06 18:26:03 UTC
Thanks, everyone.

GLSA vote: no.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-12-10 19:00:33 UTC
Thanks, folks. GLSA Vote: no too, closing noglsa.