Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 815376 (CVE-2021-41798, CVE-2021-41799, CVE-2021-41800) - <www-apps/mediawiki-1.36.2: multiple vulnerabilities
Summary: <www-apps/mediawiki-1.36.2: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-41798, CVE-2021-41799, CVE-2021-41800
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.wikimedia.org/hyperkitt...
Whiteboard: B3 [glsa]
Keywords:
Depends on: 815640
Blocks:
  Show dependency tree
 
Reported: 2021-09-29 17:03 UTC by John Helmert III
Modified: 2022-12-26 20:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-29 17:03:21 UTC 
From URL:

Tomorrow we will be issuing a security and maintenance release to all
supported branches of MediaWiki.

The new releases will be:

- 1.31.16
- 1.35.4
- 1.36.2

This will resolve 3 issues in MediaWiki core and also includes some fixes
previously committed to git, including minor security and hardening patches
along with bug fixes included for maintenance reasons.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-30 18:30:21 UTC 
Please bump to 1.36.2.
Comment 2 Larry the Git Cow gentoo-dev 2021-10-01 12:00:33 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d4e80120420a01be97bf7366bfd6805a37272f1

commit 3d4e80120420a01be97bf7366bfd6805a37272f1
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-10-01 12:00:15 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-10-01 12:00:30 +0000

    www-apps/mediawiki: bump to 1.36.2
    
    Bug: https://bugs.gentoo.org/815376
    Package-Manager: Portage-3.0.26, Repoman-3.0.3
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-apps/mediawiki/Manifest                |  1 +
 www-apps/mediawiki/mediawiki-1.36.2.ebuild | 86 ++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2021-10-02 07:32:07 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8773d06fa788fcfa6f0f4210c17f98351ff37007

commit 8773d06fa788fcfa6f0f4210c17f98351ff37007
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-10-02 07:31:46 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-10-02 07:31:46 +0000

    www-apps/mediawiki: removed vulnerable 1.36.1
    
    Bug: https://bugs.gentoo.org/815376
    Package-Manager: Portage-3.0.26, Repoman-3.0.3
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-apps/mediawiki/Manifest                |  1 -
 www-apps/mediawiki/mediawiki-1.36.1.ebuild | 86 ------------------------------
 2 files changed, 87 deletions(-)
Comment 4 Miroslav Šulc gentoo-dev 2021-10-02 07:32:35 UTC 
the tree is clean now, you can proceed.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-02 13:11:55 UTC 
Thanks!
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-26 20:39:54 UTC 
GLSA request filed.