mediawiki: XSS vulnerability in profileinfo.php

Related Vulnerabilities: CVE-2010-2788, CVE-2010-1648, CVE-2010-1647

Debian Bug report logs - #590669


Reported by: Jonathan Wiltshire <jmw@debian.org>

Date: Wed, 28 Jul 2010 11:03:02 UTC

Severity: serious

Tags: security, upstream

Found in versions mediawiki/1:1.12.0-2lenny5, mediawiki/1:1.15.4-2

Fixed in versions mediawiki/1:1.15.5-1, mediawiki/1:1.12.0-2lenny6

Done: Jonathan Wiltshire <jmw@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.wikimedia.org/show_bug.cgi?id=24565



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>:
Bug#590669; Package mediawiki. (Wed, 28 Jul 2010 11:03:05 GMT)


Acknowledgement sent to Jonathan Wiltshire <debian@jwiltshire.org.uk>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>. (Wed, 28 Jul 2010 11:03:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jonathan Wiltshire <debian@jwiltshire.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mediawiki: XSS vulnerability in profileinfo.php
Date: Wed, 28 Jul 2010 11:59:28 +0100
Package: mediawiki
Version: 1:1.15.4-2
Severity: serious
Tags: security upstream
Justification: user security hole, when default changed by local admin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html:

A cross-site scripting (XSS) vulnerability was discovered in
profileinfo.php. The vulnerability is only exposed when the script is
explicitly enabled in LocalSettings.php, with $wgEnableProfileInfo = true.


- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2                       2.2.16-1   Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd]   2.2.16-1   Apache HTTP Server - traditional n
ii  debconf [debconf-2.0]         1.5.33     Debian configuration management sy
ii  mime-support                  3.48-1     MIME files 'mime.types' & 'mailcap
ii  php5                          5.3.2-2    server-side, HTML-embedded scripti
ii  php5-mysql                    5.3.2-2    MySQL module for php5
ii  php5-pgsql                    5.3.2-2    PostgreSQL module for php5

Versions of packages mediawiki recommends:
ii  mysql-server                  5.1.48-1   MySQL database server (metapackage
ii  mysql-server-5.1 [mysql-serve 5.1.48-1   MySQL database server binaries and
ii  php5-cli                      5.3.2-2    command-line interpreter for the p

Versions of packages mediawiki suggests:
ii  clamav                     0.96.1+dfsg-3 anti-virus utility for Unix - comm
ii  imagemagick                7:6.6.2.6-1   image manipulation programs
pn  mediawiki-math             <none>        (no description available)
pn  memcached                  <none>        (no description available)
ii  php5-gd                    5.3.2-2       GD module for php5

- -- Configuration Files:
/etc/mediawiki/apache.conf changed [not included]

- -- debconf information excluded





Set Bug forwarded-to-address to 'https://bugzilla.wikimedia.org/show_bug.cgi?id=24565'. Request was from Jonathan Wiltshire <debian@jwiltshire.org.uk> to control@bugs.debian.org. (Wed, 28 Jul 2010 11:06:06 GMT)
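
The exposure condition stated in the report above (`$wgEnableProfileInfo = true` in LocalSettings.php), turned into a configuration check. This is an added example, not code from MediaWiki or the Debian package; the function name, the sample file contents and the "review" result for non-literal values are assumptions of the example.

```python
import re
import sys

# Constructed LocalSettings.php fragments (not taken from a real wiki).
SAMPLE_ENABLED = """<?php
$wgSitename = "Example";
// $wgEnableProfileInfo = false;
$wgEnableProfileInfo = true;
"""
SAMPLE_DISABLED = """<?php
# $wgEnableProfileInfo = true;
/* $wgEnableProfileInfo = true; */
$wgEnableProfileInfo = true;
$wgEnableProfileInfo = false;  // switched off again after profiling
"""

# Heuristic comment stripping: block comments, then // and # line comments.
# A "//" or "#" inside a string literal is cut too, but only to end of line.
_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
_ASSIGN = re.compile(r"\$wgEnableProfileInfo\s*=(?!=)\s*([^;]+);")

def profileinfo_state(php_source):
    """Return 'enabled', 'disabled' or 'review' for a LocalSettings.php text."""
    code = _COMMENTS.sub("", php_source)
    values = [v.strip().lower() for v in _ASSIGN.findall(code)]
    if not values:
        return "disabled"          # the setting is false by default
    last = values[-1]              # a later top-level assignment overrides earlier ones
    if last in ("true", "1"):
        return "enabled"
    if last in ("false", "0", "null"):
        return "disabled"
    return "review"                # non-literal value: check by hand

if __name__ == "__main__":
    # Usage: python3 check_profileinfo.py /path/to/LocalSettings.php
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(profileinfo_state(fh.read()))
    else:
        print(profileinfo_state(SAMPLE_ENABLED), profileinfo_state(SAMPLE_DISABLED))
```

A result of "enabled" on a package version listed under "Found in versions" means the vulnerable script is reachable; assignments made inside conditionals or included files are not followed and need manual review.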


Added tag(s) pending. Request was from Jonathan Wiltshire <debian@jwiltshire.org.uk> to control@bugs.debian.org. (Wed, 28 Jul 2010 13:24:08 GMT)


Reply sent to Jonathan Wiltshire <debian@jwiltshire.org.uk>:
You have taken responsibility. (Wed, 28 Jul 2010 13:48:07 GMT)


Notification sent to Jonathan Wiltshire <debian@jwiltshire.org.uk>:
Bug acknowledged by developer. (Wed, 28 Jul 2010 13:48:07 GMT)


Message #14 received at 590669-close@bugs.debian.org:

From: Jonathan Wiltshire <debian@jwiltshire.org.uk>
To: 590669-close@bugs.debian.org
Subject: Bug#590669: fixed in mediawiki 1:1.15.5-1
Date: Wed, 28 Jul 2010 13:47:17 +0000
Source: mediawiki
Source-Version: 1:1.15.5-1

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.15.5-1_i386.deb
  to main/m/mediawiki/mediawiki-math_1.15.5-1_i386.deb
mediawiki_1.15.5-1.debian.tar.gz
  to main/m/mediawiki/mediawiki_1.15.5-1.debian.tar.gz
mediawiki_1.15.5-1.dsc
  to main/m/mediawiki/mediawiki_1.15.5-1.dsc
mediawiki_1.15.5-1_all.deb
  to main/m/mediawiki/mediawiki_1.15.5-1_all.deb
mediawiki_1.15.5.orig.tar.gz
  to main/m/mediawiki/mediawiki_1.15.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 590669@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <debian@jwiltshire.org.uk> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Format: 1.8
Date: Wed, 28 Jul 2010 12:23:04 +0100
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all i386
Version: 1:1.15.5-1
Distribution: unstable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Jonathan Wiltshire <debian@jwiltshire.org.uk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 590660 590669
Changes: 
 mediawiki (1:1.15.5-1) unstable; urgency=high
 .
   [ Thorsten Glaser ]
   * debian/patches/suppress_warnings.patch: new, suppress warnings
     about session_start() being called twice also in the PHP error
     log, not just MediaWiki’s, for example run from FusionForge
 .
   [ Jonathan Wiltshire ]
   * New upstream security release:
     - correctly set caching headers to prevent private data leakage
          (closes: #590660, LP: #610782)
     - fix XSS vulnerability in profileinfo.php
          (closes: #590669, LP: #610819)






Bug Marked as found in versions mediawiki/1:1.12.0-2lenny5. Request was from Jonathan Wiltshire <debian@jwiltshire.org.uk> to control@bugs.debian.org. (Mon, 02 Aug 2010 01:42:02 GMT)


Information forwarded to Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>:
Bug#590669; Package mediawiki. (Mon, 02 Aug 2010 02:09:03 GMT)


Acknowledgement sent to Jonathan Wiltshire <debian@jwiltshire.org.uk>:
Extra info received and forwarded to maintainer. Copy sent to Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>. (Mon, 02 Aug 2010 02:09:03 GMT)


Message #21 received at 590669-maintonly@bugs.debian.org:

From: Jonathan Wiltshire <debian@jwiltshire.org.uk>
To: 590669-maintonly@bugs.debian.org
Subject: Re: Bug#590669: mediawiki: XSS vulnerability in profileinfo.php
Date: Mon, 2 Aug 2010 02:58:48 +0100
Patch against stable attached.

-- 
Jonathan Wiltshire

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
[CVE-2010-2788.patch (text/x-diff, attachment)]

Changed Bug submitter to 'jona@powdarrmonkey.net (Jonathan Wiltshire)' from 'Jonathan Wiltshire <debian@jwiltshire.org.uk>' Request was from jona@powdarrmonkey.net (Jonathan Wiltshire) to control@bugs.debian.org. (Fri, 03 Dec 2010 14:51:16 GMT)


Changed Bug submitter to 'Jonathan Wiltshire <jmw@debian.org>' from 'jona@powdarrmonkey.net (Jonathan Wiltshire)' Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Fri, 03 Dec 2010 15:00:13 GMT)


Reply sent to Jonathan Wiltshire <jmw@debian.org>:
You have taken responsibility. (Sun, 19 Dec 2010 14:00:03 GMT)


Notification sent to Jonathan Wiltshire <jmw@debian.org>:
Bug acknowledged by developer. (Sun, 19 Dec 2010 14:00:03 GMT)


Message #30 received at 590669-close@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 590669-close@bugs.debian.org
Subject: Bug#590669: fixed in mediawiki 1:1.12.0-2lenny6
Date: Sun, 19 Dec 2010 13:56:37 +0000
Source: mediawiki
Source-Version: 1:1.12.0-2lenny6

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive:

mediawiki-math_1.12.0-2lenny6_amd64.deb
  to main/m/mediawiki/mediawiki-math_1.12.0-2lenny6_amd64.deb
mediawiki_1.12.0-2lenny6.diff.gz
  to main/m/mediawiki/mediawiki_1.12.0-2lenny6.diff.gz
mediawiki_1.12.0-2lenny6.dsc
  to main/m/mediawiki/mediawiki_1.12.0-2lenny6.dsc
mediawiki_1.12.0-2lenny6_all.deb
  to main/m/mediawiki/mediawiki_1.12.0-2lenny6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 590669@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <jmw@debian.org> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 17 Dec 2010 23:32:46 +0000
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source all amd64
Version: 1:1.12.0-2lenny6
Distribution: stable
Urgency: high
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
Changed-By: Jonathan Wiltshire <jmw@debian.org>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Closes: 585918 590669 591382
Changes: 
 mediawiki (1:1.12.0-2lenny6) stable; urgency=high
 .
   * Stable upload. Closes: #591382
   * Fixed CSRF vulnerability in "e-mail me my password",
     "create account" and "create by e-mail" features of
     [[Special:Userlogin]]. CVE-2010-1648
   * Fixed XSS vulnerability affecting IE clients only, due to a CSS
     validation issue. CVE-2010-1647 (Closes: #585918)
   * Fixed an XSS vulnerability in profileinfo.php for installations
     with $wgEnableProfileInfo = true (false by default) (Closes: #590669)






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 23 Jan 2011 07:33:38 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:07:08 2019; Machine Name: beach
