[Pkg-mediawiki-commits] r277 - in mediawiki/squeeze/debian: . patches
Jonathan Wiltshire
jmw at alioth.debian.org
Sat Dec 17 23:23:51 UTC 2011
Author: jmw
Date: 2011-12-17 23:23:51 +0000 (Sat, 17 Dec 2011)
New Revision: 277
Added:
mediawiki/squeeze/debian/patches/CVE-2011-1587.patch
Modified:
mediawiki/squeeze/debian/changelog
mediawiki/squeeze/debian/patches/series
Log:
CVE-2011-1587 Fix incomplete patch for CVE-2011-1578
Modified: mediawiki/squeeze/debian/changelog
===================================================================
--- mediawiki/squeeze/debian/changelog 2011-12-17 23:22:29 UTC (rev 276)
+++ mediawiki/squeeze/debian/changelog 2011-12-17 23:23:51 UTC (rev 277)
@@ -8,8 +8,9 @@
CVE-2011-1578 - XSS for IE <= 6
CVE-2011-1579 - CSS validation error in wikitext parser
CVE-2011-1580 - access control checks on transwiki import feature
+ CVE-2011-1587 - fix incomplete patch for CVE-2011-1578
- -- Jonathan Wiltshire <jmw at debian.org> Sat, 17 Dec 2011 23:21:33 +0000
+ -- Jonathan Wiltshire <jmw at debian.org> Sat, 17 Dec 2011 23:22:54 +0000
mediawiki (1:1.15.5-2squeeze1) stable; urgency=high
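Review bot: The added changelog line "CVE-2011-1587 - fix incomplete patch for CVE-2011-1578" does not say what the earlier fix missed, unlike the neighbouring entries, which each name the issue. A short description would help, for example that the query-string extension check now also matches digits and an extension followed by `#` or `?`. A reference to the upstream bug given in the patch header (28507) would let a reader of the changelog find the rationale without opening the patch.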
Added: mediawiki/squeeze/debian/patches/CVE-2011-1587.patch
===================================================================
--- mediawiki/squeeze/debian/patches/CVE-2011-1587.patch (rev 0)
+++ mediawiki/squeeze/debian/patches/CVE-2011-1587.patch 2011-12-17 23:23:51 UTC (rev 277)
@@ -0,0 +1,37 @@
+Description: fix insufficient patch for CVE-2011-1578
+Origin: upstream,http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=86027
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=28507
+Last-Update: 2011-12-17
+
+--- mediawiki-1.15.5.orig/images/.htaccess
++++ mediawiki-1.15.5/images/.htaccess
+@@ -1,6 +1,6 @@
+ # Protect against bug 28235
+ <IfModule rewrite_module>
+ RewriteEngine On
+- RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
++ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
+ RewriteRule . - [forbidden]
+ </IfModule>
+--- mediawiki-1.15.5.orig/img_auth.php
++++ mediawiki-1.15.5/img_auth.php
+@@ -27,7 +27,7 @@
+
+ // Check for bug 28235: QUERY_STRING overriding the correct extension
+ if ( isset( $_SERVER['QUERY_STRING'] )
+- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
++ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+ {
+ wfForbidden();
+ }
+--- mediawiki-1.15.5.orig/includes/WebRequest.php
++++ mediawiki-1.15.5/includes/WebRequest.php
+@@ -683,7 +683,7 @@
+ global $wgScriptExtension;
+
+ if ( isset( $_SERVER['QUERY_STRING'] )
+- && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
++ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+ {
+ // Bug 28235
+ // Block only Internet Explorer, and requests with missing UA
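Review bot: The expression `\.[a-z0-9]{1,4}(#|\?|$)` is repeated literally in three places (images/.htaccess, img_auth.php and includes/WebRequest.php), and this patch exists because the previous copy of it was incomplete, so any later correction must again be made three times without missing one. If diverging from upstream is acceptable for this backport, consider defining the pattern once for the two PHP call sites. Otherwise, add a comment at each site naming the other two so they are kept in sync. The comments next to the checks still cite only bug 28235, while the patch header gives bug 28507 for this change. Mentioning 28507 there, with one line on why `#` and `?` are treated as terminators alongside end of string, would keep a later cleanup from simplifying the pattern back to `$`. Minor: the DEP-3 header reads `Origin: upstream,http://...`, where a space after the comma is the usual form.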
Modified: mediawiki/squeeze/debian/patches/series
===================================================================
--- mediawiki/squeeze/debian/patches/series 2011-12-17 23:22:29 UTC (rev 276)
+++ mediawiki/squeeze/debian/patches/series 2011-12-17 23:23:51 UTC (rev 277)
@@ -10,5 +10,6 @@
CVE-2011-1578.patch
CVE-2011-1579.patch
CVE-2011-1580.patch
+CVE-2011-1587.patch
CVE-2011-4360.patch
CVE-2011-4361.patch