1148675 – (CVE-2014-7295) CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.

Bug 1148675 (CVE-2014-7295) - CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.

Summary: CVE-2014-7295 mediawiki: remove separation of css and js module allowance iss...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-7295
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1148676 1148677 1148678 1148679
Blocks:
TreeView+	depends on / blocked

Reported:	2014-10-02 05:35 UTC by Murray McAllister
Modified:	2019-09-29 13:22 UTC (History)
CC List:	5 users (show)
Fixed In Version:	mediawiki 1.19.20, mediawiki 1.22.12, mediawiki 1.23.5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-05-27 20:57:52 UTC
Embargoed:

Attachments	(Terms of Use)

Description Murray McAllister 2014-10-02 05:35:39 UTC

The MediaWiki 1.19.20, 1.22.12, and 1.23.5 releases fix the following security issue:

"(bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance."

References:

https://bugzilla.wikimedia.org/show_bug.cgi?id=70672
https://gerrit.wikimedia.org/r/#/c/164271/
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html

Comment 1 Murray McAllister 2014-10-02 05:36:52 UTC

Created mediawiki tracking bugs for this issue:

Affects: fedora-all [bug 1148676]
Affects: epel-5 [bug 1148677]

Comment 2 Murray McAllister 2014-10-02 05:36:54 UTC

Created mediawiki119 tracking bugs for this issue:

Affects: epel-5 [bug 1148678]
Affects: epel-6 [bug 1148679]

Comment 3 Martin Prpič 2014-10-02 10:56:04 UTC

CVE request:

http://seclists.org/oss-sec/2014/q4/60

Comment 4 Murray McAllister 2014-10-03 02:22:05 UTC

MITRE assigned CVE-2014-7295 to this issue:

http://seclists.org/oss-sec/2014/q4/67

Comment 5 Fedora Update System 2014-10-08 19:10:28 UTC

mediawiki-1.23.5-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-10-14 04:36:25 UTC

mediawiki-1.23.5-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2014-10-14 04:42:25 UTC

mediawiki-1.23.5-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2014-10-21 16:01:50 UTC

mediawiki119-1.19.20-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Patrick Uiterwijk 2015-05-27 20:57:52 UTC

Fixed previously

Note You need to log in before you can comment on or make changes to this bug.