Bug 14212

Summary: mediawiki new security issue fixed upstream in 1.23.5
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 4   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: MGA3TOO
Source RPM: mediawiki-1.23.4-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2014-10-02 02:35:18 CEST 
Upstream has announced version 1.23.5 on October 1:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html

I haven't seen a CVE request yet.

I'll hold off on an advisory for now, so see the upstream one.

I've checked it into SVN for Mageia 3, Mageia 4, and Cauldron, and sent a freeze push request.

Reproducible: 

Steps to Reproduce:
David Walser 2014-10-02 02:35:25 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-10-02 14:35:41 CEST 
CVE request:
http://www.openwall.com/lists/oss-security/2014/10/02/29

I've pushed this to the build system and the previous update isn't pushed, so we'll have to handle QA testing it in the other bug (Bug 14182).

Depends on: (none) => 14182

David Walser 2014-10-02 14:43:09 CEST

Depends on: 14182 => (none)

Comment 2 David Walser 2014-10-02 14:43:41 CEST 
Actually I'll just mark this as a duplicate.

*** This bug has been marked as a duplicate of bug 14182 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE