90335 – www/mediawiki update to 1.5.3 (security update)

Bug 90335 - www/mediawiki update to 1.5.3 (security update)

Summary: www/mediawiki update to 1.5.3 (security update)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-12-13 15:00 UTC by thomas
Modified:	2005-12-20 20:52 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (272 bytes, patch) 2005-12-13 15:00 UTC, thomas	no flags	Details \| Diff
file.diff (428 bytes, patch) 2005-12-13 15:00 UTC, thomas	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description thomas 2005-12-13 15:00:14 UTC

	- Fixes a security issue: Validation of the user language option was broken by a code change in May 2005, opening the possibility of remote code execution as this parameter is used in forming a class name dynamically created with eval().
	 The validation has been corrected in this version. All prior 1.5 release and prelease versions are affected; 1.4 and earlier and not affected.

Comment 1 Edwin Groothuis freebsd_committer

2005-12-13 15:06:18 UTC

State Changed
From-To: open->feedback

Awaiting maintainers feedback

Comment 2 Edwin Groothuis freebsd_committer

2005-12-20 20:52:24 UTC

State Changed
From-To: feedback->closed

Committed, thanks!