Gentoo Archives: gentoo-commits

From: "Sergey Popov (pinkbyte)" <pinkbyte@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201310-21.xml
Date: Mon, 28 Oct 2013 16:56:28
Message-Id: 20131028165625.07CF220047@flycatcher.gentoo.org
1 pinkbyte 13/10/28 16:56:24
2
3 Added: glsa-201310-21.xml
4 Log:
5 GLSA 201310-21
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201310-21.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201310-21.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201310-21.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201310-21.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201310-21">
20 <title>MediaWiki: Multiple vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of
22 which could lead to Denial of Service.
23 </synopsis>
24 <product type="ebuild">mediawiki</product>
25 <announced>October 28, 2013</announced>
26 <revised>October 28, 2013: 1</revised>
27 <bug>460352</bug>
28 <bug>466124</bug>
29 <bug>468110</bug>
30 <bug>471140</bug>
31 <bug>483594</bug>
32 <access>remote</access>
33 <affected>
34 <package name="www-apps/mediawiki" auto="yes" arch="*">
35 <unaffected range="ge">1.21.2</unaffected>
36 <unaffected range="rge">1.20.7</unaffected>
37 <unaffected range="rge">1.19.8</unaffected>
38 <vulnerable range="lt">1.21.2</vulnerable>
39 </package>
40 </affected>
41 <background>
42 <p>The MediaWiki wiki web application as used on wikipedia.org.</p>
43 </background>
44 <description>
45 <p>Multiple vulnerabilities have been discovered in MediaWiki. Please
46 review the CVE identifiers referenced below for details.
47 </p>
48 </description>
49 <impact type="normal">
50 <p>A remote attacker may be able to execute arbitrary code, perform
51 man-in-the-middle attacks, obtain sensitive information or perform
52 cross-site scripting attacks.
53 </p>
54 </impact>
55 <workaround>
56 <p>There is no known workaround at this time.</p>
57 </workaround>
58 <resolution>
59 <p>All MediaWiki 1.21.x users should upgrade to the latest version:</p>
60
61 <code>
62 # emerge --sync
63 # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.21.2"
64 </code>
65
66 <p>All MediaWiki 1.20.x users should upgrade to the latest version:</p>
67
68 <code>
69 # emerge --sync
70 # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.20.7"
71 </code>
72
73 <p>All MediaWiki 1.19.x users should upgrade to the latest version:</p>
74
75 <code>
76 # emerge --sync
77 # emerge --ask --oneshot --verbose "&gt;=www-apps/mediawiki-1.19.8"
78 </code>
79 </resolution>
80 <references>
81 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1816">CVE-2013-1816</uri>
82 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1817">CVE-2013-1817</uri>
83 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1818">CVE-2013-1818</uri>
84 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1951">CVE-2013-1951</uri>
85 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2031">CVE-2013-2031</uri>
86 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2032">CVE-2013-2032</uri>
87 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2114">CVE-2013-2114</uri>
88 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4301">CVE-2013-4301</uri>
89 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4302">CVE-2013-4302</uri>
90 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4303">CVE-2013-4303</uri>
91 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4304">CVE-2013-4304</uri>
92 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4305">CVE-2013-4305</uri>
93 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4306">CVE-2013-4306</uri>
94 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4307">CVE-2013-4307</uri>
95 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4308">CVE-2013-4308</uri>
96 </references>
97 <metadata tag="requester" timestamp="Sun, 24 Mar 2013 19:36:35 +0000">
98 keytoaster
99 </metadata>
100 <metadata tag="submitter" timestamp="Mon, 28 Oct 2013 16:56:03 +0000">ackle</metadata>
101 </glsa>
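
Review bot: The synopsis (file lines 21-22) says the worst issue "could lead to Denial of Service", but the <impact> paragraph (lines 50-52) lists arbitrary code execution, man-in-the-middle attacks, information disclosure and cross-site scripting, and never mentions denial of service. Make the two agree, for example by having the synopsis name the most severe outcome that <impact> describes, and check whether impact type="normal" is still the right rating for an advisory that lists remote code execution. The <description> only points at the CVE list; a one-line summary per class of issue would let readers triage without following all fifteen links. Minor style point: the requester <metadata> value (lines 97-99) is split across three lines while the submitter value on line 100 is inline; keep "keytoaster" on one line so consumers that do not trim whitespace see a clean value.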