Your message dated Sat, 23 Feb 2013 11:56:55 +0000
with message-id <1361620615.20752.10.ca...@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #696158,
regarding pu: package mediawiki/1:1.15.5-2squeeze5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
696158: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696158
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-CC: Dominik George <n...@naturalnet.de>,
pkg-mediawiki-de...@lists.alioth.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Hi,
This is the companion upload for 1:1.19.3-1 recently in Wheezy, to fix
security bugs. Debdiff attached.
The security team have stated that they do not want to do a DSA.
Thanks,
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
<directhex> i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
diff -Nru mediawiki-1.15.5/debian/changelog mediawiki-1.15.5/debian/changelog
--- mediawiki-1.15.5/debian/changelog 2012-01-21 21:08:01.000000000 +0000
+++ mediawiki-1.15.5/debian/changelog 2012-12-16 17:54:27.000000000 +0000
@@ -1,3 +1,12 @@
+mediawiki (1:1.15.5-2squeeze5) stable; urgency=low
+
+ [ Dominik George ]
+ * Security fixes from upstream (Closes: #694998):
+ - CVE-2012-5391 - Prevent session fixation in Special:UserLogin
+ - Prevent linker regex from exceeding backtrack limit
+
+ -- Jonathan Wiltshire <j...@debian.org> Sun, 16 Dec 2012 17:53:38 +0000
+
mediawiki (1:1.15.5-2squeeze4) stable; urgency=low
* Disable CVE-2011-4360.patch, it causes ugly error messages in certain
diff -Nru mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch
mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch
--- mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch 1970-01-01
01:00:00.000000000 +0100
+++ mediawiki-1.15.5/debian/patches/CVE-2012-5391.patch 2012-12-16
15:34:48.000000000 +0000
@@ -0,0 +1,33 @@
+Description: Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+ Sessions id's in the default MediaWiki authentication are not refreshed on
+ login or logout. An attacker can use this to impersonate a user.
+Author: Chris Steipp <cste...@wikimedia.org>
+Origin: upstream, https://gerrit.wikimedia.org/r/#/c/36079/
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George <n...@naturalnet.de>
+--- a/includes/specials/SpecialUserlogin.php
++++ b/includes/specials/SpecialUserlogin.php
+@@ -591,6 +591,8 @@
+ global $wgLang, $wgRequest;
+ $code = $wgRequest->getVal( 'uselang',
$wgUser->getOption( 'language' ) );
+ $wgLang = Language::factory( $code );
++ // Reset SessionID on Successful
login (bug 40995)
++ $this->renewSessionId();
+ return $this->successfulLogin();
+ } else {
+ return $this->cookieRedirectCheck(
'login' );
+@@ -1062,6 +1064,13 @@
+ $wgRequest->setSessionData( 'wsCreateaccountToken', null );
+ }
+
++ /**
++ * Renew the user's session id
++ */
++ private function renewSessionId() {
++ session_regenerate_id( false );
++ }
++
+ /**
+ * @private
+ */
diff -Nru mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch
mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch
--- mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch 1970-01-01
01:00:00.000000000 +0100
+++ mediawiki-1.15.5/debian/patches/pcre-linker-backtrack.patch 2012-12-16
16:40:44.000000000 +0000
@@ -0,0 +1,48 @@
+Description: Prevent linker regex from exceeding PCRE backtrack limit
+Author: Chris Steipp <cste...@wikimedia.org>
+Origin: upstream
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George <n...@naturalnet.de>
+--- a/includes/Linker.php
++++ b/includes/Linker.php
+@@ -1297,7 +1297,18 @@
+ */
+ public function formatLinksInComment( $comment ) {
+ return preg_replace_callback(
+- '/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
++ '/
++ \[\[
++ :? # ignore optional leading colon
++ ([^\]|]+) # 1. link target; page names cannot
include ] or |
++ (?:\|
++ # 2. a pipe-separated substring; only
the last is captured
++ # Stop matching at | and ]] without
relying on backtracking.
++ ((?:]?[^\]|])*+)
++ )*
++ \]\]
++ ([^[]*) # 3. link trail (the text up until
the next link)
++ /x',
+ array( $this, 'formatLinksInCommentCallback' ),
+ $comment );
+ }
+@@ -1316,8 +1327,8 @@
+ }
+
+ # Handle link renaming [[foo|text]] will show link as "text"
+- if( "" != $match[3] ) {
+- $text = $match[3];
++ if( "" != $match[2] ) {
++ $text = $match[2];
+ } else {
+ $text = $match[1];
+ }
+@@ -1328,7 +1339,7 @@
+ $thelink = $this->makeMediaLink( $submatch[1], "",
$text );
+ } else {
+ # Other kind of link
+- if( preg_match( $wgContLang->linkTrail(), $match[4],
$submatch ) ) {
++ if( preg_match( $wgContLang->linkTrail(), $match[3],
$submatch ) ) {
+ $trail = $submatch[1];
+ } else {
+ $trail = "";
diff -Nru mediawiki-1.15.5/debian/patches/series
mediawiki-1.15.5/debian/patches/series
--- mediawiki-1.15.5/debian/patches/series 2012-01-21 20:57:43.000000000
+0000
+++ mediawiki-1.15.5/debian/patches/series 2012-12-16 16:41:00.000000000
+0000
@@ -13,3 +13,5 @@
CVE-2011-1587.patch
CVE-2011-4361.patch
CVE-2012-0046.patch
+CVE-2012-5391.patch
+pcre-linker-backtrack.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 6.0.7
Hi,
The package discussed in each of these bugs was added to stable as part
of today's point release.
Regards,
Adam
--- End Message ---
