Bug 119400 (CVE-2005-3166)

Summary: VUL-0: CVE-2005-3166: mediawiki 1.4.10 security fixes
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-3166: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2005-09-29 09:36:56 UTC
(released 2005-09-21) 
 
MediaWiki 1.4.10 is a security maintenance release. A bug in edit submission 
handling could cause corruption of the previous revision in the database if 
an abnormal URL was used, such as those used by some spambots. 
 
Affected releases: 
* 1.4.x <= 1.4.9; fixed in 1.4.10 
* 1.3.x <= 1.3.15; fixed in 1.3.16 
 
1.5 release candidates are not affected by this problem. 
 
All publicly editable wikis are strongly recommended to upgrade immediately. 
1.4 releases can be manually patched by changing this bit in EditPage.php: 
 
    function importFormData( &$request ) { 
        if( $request->wasPosted() ) { 
 
to: 
 
    function importFormData( &$request ) { 
        if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() ) {
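
A check for whether a copy of EditPage.php carries the manual patch quoted above, as an added example that is not part of the original report or of MediaWiki. The function names and status strings are chosen here, and it assumes the gate is the first `if` inside `importFormData`, as in the quoted snippet.

```python
import re
import sys

def first_if_condition(source, func_name="importFormData"):
    """Return the text inside the first if( ... ) after `function func_name(`."""
    fn = re.search(r"function\s+" + re.escape(func_name) + r"\s*\(", source)
    if fn is None:
        return None
    gate = re.compile(r"\bif\s*\(").search(source, fn.end())
    if gate is None:
        return None
    depth = 1  # walk to the parenthesis that closes the if( ... )
    for i in range(gate.end(), len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[gate.end():i]
    return None  # unbalanced parentheses, e.g. a truncated file

def edit_gate_status(source):
    """Classify the importFormData gate: patched, unpatched, unknown, not-found."""
    cond = first_if_condition(source)
    if cond is None:
        return "not-found"
    flat = re.sub(r"\s+", "", cond)  # ignore spacing and line wraps
    posted = "->wasPosted()" in flat
    action = re.search(r"->getVal\(['\"]action['\"]\)===?['\"]submit['\"]", flat)
    if posted and action:
        return "patched"
    return "unpatched" if posted else "unknown"

# Constructed samples, copied from the two snippets in the description.
UNPATCHED = """    function importFormData( &$request ) {
        if( $request->wasPosted() ) {
"""
PATCHED_WRAPPED = """    function importFormData( &$request ) {
        if( $request->getVal( 'action' ) == 'submit' &&
$request->wasPosted() ) {
"""

if __name__ == "__main__":
    # Usage: python check_editpage.py /path/to/includes/EditPage.php
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, edit_gate_status(fh.read()))
```

A result of `unknown` means the first condition in `importFormData` matches neither quoted form and the file needs a manual look.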

Comment 1 Anna Maresova 2005-10-04 12:19:47 UTC
fixes submitted

Comment 2 Marcus Meissner 2005-10-05 08:45:00 UTC
swampid: 2502

Comment 3 Marcus Meissner 2005-10-05 08:49:07 UTC
patchinfo submitted.

Comment 4 Marcus Meissner 2005-10-05 13:05:19 UTC
updates approved.

Comment 5 Ludwig Nussel 2005-11-07 11:55:33 UTC
CVE-2005-3166

Comment 6 Thomas Biege 2009-10-13 21:37:43 UTC
CVE-2005-3166: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)