Bug 188122 (CVE-2006-1498)

Summary: Security Vulnerability: CVE-2006-1498
Product: [Fedora] Fedora Reporter: Hans de Goede <hdegoede>
Component: mediawikiAssignee: Roozbeh Pournader <roozbeh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: chris.ricker, extras-qa, scop
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.5.8-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-06 20:30:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hans de Goede 2006-04-06 09:07:44 UTC 
See:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1498

Upgrading to 1.5.8 should fix this, this probably affects other repors /
releases then Development too.
Comment 1 Ville Skyttä 2006-04-06 16:50:26 UTC 
1.5.8 has been in all FE4+ repos since April 3rd based on file timestamps.
Comment 2 Hans de Goede 2006-04-06 17:03:33 UTC 
My bad I ran yum list "*mediawiki*" and that said 1.5.7, but that is because
when run as user yum doesn't update its metadata.

Was mediawiki in FE3 too? Ifso 1.5.8 or another fix should be pushed for FE3,
even though FE3 is eol, security fixes should still be applied by package
maintainers. (other updates should not).
Comment 3 Chris Ricker 2006-04-06 17:14:45 UTC 
mediawiki is only in FE-4, FE-5, and devel

[kaboom@fc5test extras]$ cvs co mediawiki
<snip>
[kaboom@fc5test extras]$ ls mediawiki/
common  CVS  devel  FC-4  FC-5  import.log  Makefile
[kaboom@fc5test extras]$