Bug 620226
| Summary: | CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | mediawiki | Assignee: | Axel Thimm <axel.thimm> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 13 | CC: | axel.thimm |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | mediawiki-1.16.4-58.fc13 | Doc Type: | Release Note |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-04-21 05:28:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 620224, 620225 | ||
|
Description
Jan Lieskovsky
2010-08-01 16:23:16 UTC
Adding parent bug CVE-2010-2788
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=620224,620225
There are still no details on the nature of these CVEs in neither mitre nor nvd. The status in mitre is "reserved, under review" and nvd return an error on these CVEs. Hi Axel, thank you for checking with us. (In reply to comment #2) > There are still no details on the nature of these CVEs in neither mitre nor > nvd. The status in mitre is "reserved, under review" and nvd return an error on > these CVEs. Below is the copy of the email / query I sent to Tim Starling regarding patches clarification (you were Cc-ed): ======================================= Hello Tim, based on query from Axel below: "There are still no details on the nature of these CVEs in neither mitre nor nvd. The status in mitre is "reserved, under review" and nvd return an error on these CVEs." searched for patches for the following two mediawiki flaws: [1] https://bugzilla.redhat.com/show_bug.cgi?id=620224 [2] https://bugzilla.redhat.com/show_bug.cgi?id=620225 in the Mediawiki upstream SVN repository: [3] http://www.mediawiki.org/wiki/Download_from_SVN and based on the log found the following: 1), the upstream patch for CVE-2010-2787 seems to be the following: [4] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776 2), and upstream patches for CVE-2010-2788 seem to be the following two: [5] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952 and [6] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984 But prior providing this information to Axel, so he could build the Fedora mediawiki updates, wanted to check with you. Tim, could you please confirm, the [4], [5], and [6] are the correct upstream Mediawiki patches for CVE-2010-2787 and CVE-2010-2788 flaws, so Axel could build the updates? Thank you in advance for your time, look and cooperation. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team ======================================= Hope this helps, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team mediawiki-1.16.2-56.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc14 mediawiki-1.16.2-56.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc13 mediawiki-1.16.2-56.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc15 mediawiki-1.16.4-57.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc14 mediawiki-1.16.4-57.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc13 mediawiki-1.16.4-57.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc15 Package mediawiki-1.16.4-57.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mediawiki-1.16.4-57.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc14 then log in and leave karma (feedback). mediawiki-1.16.4-57.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. mediawiki-1.16.4-58.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc14 mediawiki-1.16.4-58.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc13 mediawiki-1.16.4-58.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc15 mediawiki-1.16.4-58.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. mediawiki-1.16.4-58.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. mediawiki-1.16.4-58.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |