Re: [SRM] Permission to upload mediawiki to stable
On Sat, 2010-12-18 at 00:28 +0000, Jonathan Wiltshire wrote:
> * Fixed CSRF vulnerability in "e-mail me my password",
> "create account" and "create by e-mail" features of
> [[Special:Userlogin]]. CVE-2010-1648
> * Fixed XSS vulnerability affecting IE clients only, due to a CSS
> validation issue. CVE-2010-1647 (Closes: #585918)
The security tracker seems to be somewhat confused here, fwiw -
http://security-tracker.debian.org/tracker/CVE-2010-164{7,8} both claim
that the issue was fixed in -2lenny5.
> * Fixed an XSS vulnerability in profileinfo.php for installations
> with $wgEnableProfileInfo = true (false by default) (Closes: #590669)
+- if ( preg_match( '!expression|https?://|url\s*\(!i', $decoded ) ) {
+- // Not allowed
+- return false;
+- } else {
+- // Allowed, return CSS with comments stripped
+- return $value;
++ // Reject problematic keywords and control characters
++ if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
++ return '/* invalid control char */';
++ } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( !ix', $value ) ) {
++ return '/* insecure input */';
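Review bot: Both added preg_match calls test $value, whereas the removed check tested $decoded; if $value has not already had CSS escapes decoded and comments stripped by this point, an escaped or comment-split spelling of expression or url( would pass both checks. Please confirm that $value is the normalized string here, or keep matching on the decoded form. Two smaller points: the reject path now returns a CSS comment string instead of false, so any caller that compares the result against false needs checking, and with https?:// dropped, url\s*\( is the only alternative left in the pattern that addresses external references, which deserves a sentence of rationale in the patch description.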
Hmmm, the removal of the hard-coded "https?://" looks a little strange
there; other than that, the patch looks okay; thanks.
Regards,
Adam