This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=620224 Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please only close it when all affected versions are fixed. [bug automatically created by: add-tracking-bugs]
Adding parent bug CVE-2010-2788 New bodhi update url: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=620224,620225
There are still no details on the nature of these CVEs in neither mitre nor nvd. The status in mitre is "reserved, under review" and nvd return an error on these CVEs.
Hi Axel, thank you for checking with us. (In reply to comment #2) > There are still no details on the nature of these CVEs in neither mitre nor > nvd. The status in mitre is "reserved, under review" and nvd return an error on > these CVEs. Below is the copy of the email / query I sent to Tim Starling regarding patches clarification (you were Cc-ed): ======================================= Hello Tim, based on query from Axel below: "There are still no details on the nature of these CVEs in neither mitre nor nvd. The status in mitre is "reserved, under review" and nvd return an error on these CVEs." searched for patches for the following two mediawiki flaws: [1] https://bugzilla.redhat.com/show_bug.cgi?id=620224 [2] https://bugzilla.redhat.com/show_bug.cgi?id=620225 in the Mediawiki upstream SVN repository: [3] http://www.mediawiki.org/wiki/Download_from_SVN and based on the log found the following: 1), the upstream patch for CVE-2010-2787 seems to be the following: [4] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776 2), and upstream patches for CVE-2010-2788 seem to be the following two: [5] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952 and [6] http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984 But prior providing this information to Axel, so he could build the Fedora mediawiki updates, wanted to check with you. Tim, could you please confirm, the [4], [5], and [6] are the correct upstream Mediawiki patches for CVE-2010-2787 and CVE-2010-2788 flaws, so Axel could build the updates? Thank you in advance for your time, look and cooperation. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team ======================================= Hope this helps, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
mediawiki-1.16.2-56.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc14
mediawiki-1.16.2-56.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc13
mediawiki-1.16.2-56.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc15
mediawiki-1.16.4-57.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc14
mediawiki-1.16.4-57.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc13
mediawiki-1.16.4-57.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc15
Package mediawiki-1.16.4-57.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mediawiki-1.16.4-57.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/mediawiki-1.16.4-57.fc14 then log in and leave karma (feedback).
mediawiki-1.16.4-57.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.16.4-58.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc14
mediawiki-1.16.4-58.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc13
mediawiki-1.16.4-58.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc15
mediawiki-1.16.4-58.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.16.4-58.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
mediawiki-1.16.4-58.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.