[evolvis-commits] r18324: Fix CVE-2012-0046 cache pollution vulnerability

mirabilos at evolvis.org mirabilos at evolvis.org
Wed Apr 11 11:16:53 CEST 2012


Author: mirabilos
Date: 2012-04-11 11:16:52 +0200 (Wed, 11 Apr 2012)
New Revision: 18324

Added:
   trunk/mediawiki/debian/patches/CVE-2012-0046.patch
Modified:
   trunk/mediawiki/debian/changelog
   trunk/mediawiki/debian/patches/series
Log:
Fix CVE-2012-0046 cache pollution vulnerability

Modified: trunk/mediawiki/debian/changelog
===================================================================
--- trunk/mediawiki/debian/changelog	2012-04-11 09:16:52 UTC (rev 18323)
+++ trunk/mediawiki/debian/changelog	2012-04-11 09:16:52 UTC (rev 18324)
@@ -1,9 +1,14 @@
 mediawiki (1:1.15.5-6) UNRELEASED; urgency=low
 
+  [ Thorsten Glaser ]
   * debian/patches/khtml_not_ff9.patch: new (Closes: #652948)
 
- -- Thorsten Glaser <tg at mirbsd.de>  Wed, 11 Jan 2012 10:03:14 +0100
+  [ Jonathan Wiltshire ]
+  * debian/patches/CVE-2012-0046.patch: security fix for unintended exposure
+    of hidden content through cache pollution, CVE-2012-0046 (Closes: #655694)
 
+ -- Jonathan Wiltshire <jmw at debian.org>  Thu, 12 Jan 2012 14:53:15 +0000
+
 mediawiki (1:1.15.5-5) unstable; urgency=high
 
   * Security fixes from upstream:
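Review bot: `urgency=low` on the `mediawiki (1:1.15.5-6) UNRELEASED` header line looks too low now that this entry carries the CVE-2012-0046 fix. The 1:1.15.5-5 entry directly below uses `urgency=high` for its security fixes, so suggest raising the urgency to match before the entry leaves UNRELEASED. The new trailer date (Thu, 12 Jan 2012) also predates this commit and should be refreshed at release time.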

Added: trunk/mediawiki/debian/patches/CVE-2012-0046.patch
===================================================================
--- trunk/mediawiki/debian/patches/CVE-2012-0046.patch	                        (rev 0)
+++ trunk/mediawiki/debian/patches/CVE-2012-0046.patch	2012-04-11 09:16:52 UTC (rev 18324)
@@ -0,0 +1,17 @@
+Description: prevent cache pollution exposing previously deleted text to
+ users behind caching proxy
+Author: Tim Starling
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=33117
+Last-Update: 2012-01-12
+
+--- mediawiki-1.15.5.orig/includes/api/ApiQueryRevisions.php
++++ mediawiki-1.15.5/includes/api/ApiQueryRevisions.php
+@@ -113,7 +113,7 @@
+ 				$difftoRev = Revision::newFromID($params['diffto']);
+ 				if (!$difftoRev)
+ 					$this->dieUsageMsg(array('nosuchrevid', $params['diffto']));
+-				if (!$difftoRev->userCan(Revision::DELETED_TEXT)) {
++				if ($difftoRev->isDeleted(Revision::DELETED_TEXT)) {
+ 					$this->setWarning("Couldn't diff to r{$difftoRev->getID()}: content is hidden");
+ 					$params['diffto'] = null;
+ 				}
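Review bot: the Description header should state that the new `isDeleted(Revision::DELETED_TEXT)` condition refuses `diffto` for every caller, including users for whom the old `userCan(Revision::DELETED_TEXT)` check passed. That user-independence is what makes the response safe to share through a caching proxy, but it is also a visible behaviour change for privileged users, who will now get the "content is hidden" warning, and the header mentions neither. The DEP-3 header also carries only the upstream `Bug:` link; a `Bug-Debian:` field for #655694, which the changelog closes, would tie the patch to the Debian report.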

Modified: trunk/mediawiki/debian/patches/series
===================================================================
--- trunk/mediawiki/debian/patches/series	2012-04-11 09:16:52 UTC (rev 18323)
+++ trunk/mediawiki/debian/patches/series	2012-04-11 09:16:52 UTC (rev 18324)
@@ -16,3 +16,4 @@
 CVE-2011-4360.patch
 CVE-2011-4361.patch
 khtml_not_ff9.patch
+CVE-2012-0046.patch


