Hi,

The mediawiki package was recently updated for a security update in
stretch: old-sec: 1:1.27.7-1~deb9u4

But all our mediawiki servers failed with a blank page.

We have this error:

Exception encountered, of type "ParseError"
[fdd9f60bf17425482b88d0fa] / ParseError from line 1813 of
/usr/share/mediawiki/includes/user/User.php: syntax error, unexpected
'else' (T_ELSE)

Backtrace:
#0 [internal function]: AutoLoader::autoload(string)
#1 /usr/share/mediawiki/includes/session/SessionBackend.php(125):
spl_autoload_call(string)
#2 /usr/share/mediawiki/includes/session/SessionManager.php(854):
MediaWiki\Session\SessionBackend->__construct(MediaWiki\Session\SessionId,
MediaWiki\Session\SessionInfo, CachedBagOStuff,
MediaWiki\Logger\LegacyLogger, integer)
#3 /usr/share/mediawiki/includes/session/SessionManager.php(301):
MediaWiki\Session\SessionManager->getSessionFromInfo(MediaWiki\Session\SessionInfo,
WebRequest)
#4 /usr/share/mediawiki/includes/session/SessionManager.php(235):
MediaWiki\Session\SessionManager->getEmptySessionInternal(WebRequest)
#5 /usr/share/mediawiki/includes/session/SessionManager.php(185):
MediaWiki\Session\SessionManager->getEmptySession(WebRequest)
#6 /usr/share/mediawiki/includes/WebRequest.php(700):
MediaWiki\Session\SessionManager->getSessionForRequest(WebRequest)
#7 /usr/share/mediawiki/includes/session/SessionManager.php(121):
WebRequest->getSession()
#8 /usr/share/mediawiki/includes/Setup.php(747):
MediaWiki\Session\SessionManager::getGlobalSession()
#9 /usr/share/mediawiki/includes/WebStart.php(137): require_once(string)
#10 /usr/share/mediawiki/index.php(40): require(string)
#11 {main}


Doing a rough mitigation by commenting out one of the 'else' functions
at line 1813 of /usr/share/mediawiki/includes/user/User.php reverts our
wikis to a normal state.

Is there a way to see which part of the code has been modified in this
particular security fix, in order to understand whether there is a bug or
it's just a local misconfiguration?

Regards

-- 
Jean Louis Mas

