Bug 119400 - (CVE-2005-3166) VUL-0: CVE-2005-3166: mediawiki 1.4.10 security fixes
(CVE-2005-3166)
VUL-0: CVE-2005-3166: mediawiki 1.4.10 security fixes
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other All
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVE-2005-3166: CVSS v2 Base Score: 5....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-29 09:36 UTC by Marcus Meissner
Modified: 2021-11-22 10:16 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-09-29 09:36:56 UTC
(released 2005-09-21) 
 
MediaWiki 1.4.10 is a security maintenance release. A bug in edit submission 
handling could cause corruption of the previous revision in the database if 
an abnormal URL was used, such as those used by some spambots. 
 
Affected releases: 
* 1.4.x <= 1.4.9; fixed in 1.4.10 
* 1.3.x <= 1.3.15; fixed in 1.3.16 
 
1.5 release candidates are not affected by this problem. 
 
All publicly editable wikis are strongly recommended to upgrade immediately. 
1.4 releases can be manually patched by changing this bit in EditPage.php: 
 
    function importFormData( &$request ) { 
        if( $request->wasPosted() ) { 
 
to: 
 
    function importFormData( &$request ) { 
        if( $request->getVal( 'action' ) == 'submit' && 
$request->wasPosted() ) {
Comment 1 Anna Maresova 2005-10-04 12:19:47 UTC
fixes submitted
Comment 2 Marcus Meissner 2005-10-05 08:45:00 UTC
swampid: 2502 
Comment 3 Marcus Meissner 2005-10-05 08:49:07 UTC
patchinfo submitted. 
Comment 4 Marcus Meissner 2005-10-05 13:05:19 UTC
updates approved. 
Comment 5 Ludwig Nussel 2005-11-07 11:55:33 UTC
CVE-2005-3166
Comment 6 Thomas Biege 2009-10-13 21:37:43 UTC
CVE-2005-3166: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)