Bugzilla – Bug 119400
VUL-0: CVE-2005-3166: mediawiki 1.4.10 security fixes
Last modified: 2021-11-22 10:16:52 UTC
(released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug in edit submission handling could cause corruption of the previous revision in the database if an abnormal URL was used, such as those used by some spambots. Affected releases: * 1.4.x <= 1.4.9; fixed in 1.4.10 * 1.3.x <= 1.3.15; fixed in 1.3.16 1.5 release candidates are not affected by this problem. All publicly editable wikis are strongly recommended to upgrade immediately. 1.4 releases can be manually patched by changing this bit in EditPage.php: function importFormData( &$request ) { if( $request->wasPosted() ) { to: function importFormData( &$request ) { if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() ) {
fixes submitted
swampid: 2502
patchinfo submitted.
updates approved.
CVE-2005-3166
CVE-2005-3166: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)