[Pkg-mediawiki-devel] Bug#508869: Bug#508870: mediawiki: NMU to fix CVE-2008-5249, CVE-2008-5250, CVE-2008-5252
toots at rastageeks.org
Sun Jan 18 20:55:46 UTC 2009
On Sunday 18 January 2009 12:17:01 Giuseppe Iuculano, you wrote:
> the attached debdiff is for a proposed NMU to fix CVE-2008-5249,
> CVE-2008-5250, CVE-2008-5252 in lenny. (Backported from mediawiki 1.12.3)
Many thanks for this patch and your work!
I have built a fixed package and tested it, it works ok. Also, the changes
look clean from the packaging point of view.
However, I won't comment on the content of the patch, I don't have enough time
for that. I hope someone else can help reviewing it.
> mediawiki (1:1.12.0-2lenny2) testing-security; urgency=high
>
>   * Security update, NMU to fix CVE-2008-5249, CVE-2008-5250,
>     CVE-2008-5252
>   * debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch:
>     - Fixed output escaping for reporting of non-MediaWiki exceptions.
>       Potential XSS if an extension throws one of these with user input.
>     - Avoid fatal error in profileinfo.php when not configured.
>     - Fixed CSRF vulnerability in Special:Import. Fixed input validation in
>       transwiki import feature.
>     - Add a .htaccess to deleted images directory for additional protection
>       against exposure of deleted files with known SHA-1 hashes on default
>     - Fixed XSS vulnerability for Internet Explorer clients, via file
>       uploads which are interpreted by IE as HTML.
>     - Fixed XSS vulnerability for clients with SVG scripting, on wikis
>       where SVG uploads are enabled. Firefox 1.5+ is affected.
>     - Avoid streaming uploaded files to the user via index.php. This allows
>       security-conscious users to serve uploaded files via a different
>       domain, and thus client-side scripts executed from that domain cannot
>       access the login cookies. Affects Special:Undelete, img_auth.php and
>       thumb.php.
>     - When streaming files via index.php, use the MIME type detected
>       from the file extension, not from the data. This reduces the XSS
>       attack surface.
>     - Blacklist redirects via Special:Filepath. Such redirects
>       exacerbate any XSS vulnerabilities involving uploads of files
>       containing scripts.
>     Closes: #508869, #508870
>
>  -- Giuseppe Iuculano <giuseppe at iuculano.it>  Sun, 18 Jan 2009 11:54:02