Maniphest T297830

Tracking bug for MediaWiki 1.35.6/1.36.4/1.37.2
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Reedy
	Dec 15 2021, 8:53 PM

Tags

Referenced Files

	F34881402: 0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch
	Mar 20 2022, 3:23 PM

	F34883919: T297731.patch
	Mar 20 2022, 3:23 PM

	F34944100: T297754-squash.patch
	Mar 20 2022, 3:23 PM

Subscribers

Description

Previous work: T292227: Tracking bug for MediaWiki 1.35.5/1.36.3/1.37.1

Tracking bug for next security release, 1.35.6/1.36.4/1.37.2

Maniphest ID	CVE ID	REL1_35	REL1_36	REL1_37	REL1_38	master
T297543	CVE-2022-28202	merged	merged	merged	merged	merged
T297571	CVE-2022-28201	0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch2 KBDownload	0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch2 KBDownload	0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch2 KBDownload	0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch2 KBDownload	0001-SECURITY-Add-recursion-guard-to-Title-newMainPage.patch2 KBDownload
T297731	CVE-2022-28203	T297731.patch1 KBDownload	T297731.patch1 KBDownload	T297731.patch1 KBDownload	T297731.patch1 KBDownload	T297731.patch1 KBDownload
T297754	CVE-2022-28204	n/a	n/a	T297754-squash.patch11 KBDownload	T297754-squash.patch11 KBDownload	T297754-squash.patch11 KBDownload

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		Reedy	T297829 Release MediaWiki 1.35.6/1.36.4/1.37.2
		Resolved		Reedy	T297830 Tracking bug for MediaWiki 1.35.6/1.36.4/1.37.2
		Resolved	Security	Ladsgroup	T297731 CVE-2022-28203: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down
		Resolved	Security	Legoktm	T297571 CVE-2022-28201: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki
		Resolved	Security	Lucas_Werkmeister_WMDE	T297754 CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector
		Resolved	Security	sbassett	T297543 CVE-2022-28202: Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete

Event Timeline

Reedy added projects: Security, MediaWiki-Releasing.Dec 15 2021, 8:53 PM

Reedy subscribed.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 15 2021, 8:53 PM

Reedy added a parent task: T297829: Release MediaWiki 1.35.6/1.36.4/1.37.2.Dec 15 2021, 8:53 PM

Reedy renamed this task from Tracking bug for MediaWiki 1.35.5/1.36.3/1.37.1 to Tracking bug for MediaWiki 1.35.6/1.36.4/1.37.2.Dec 15 2021, 9:12 PM

Reedy updated the task description. (Show Details)

sbassett added a subtask: T297731: CVE-2022-28203: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down .Dec 21 2021, 3:37 PM

sbassett added a subtask: T297571: CVE-2022-28201: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.Jan 18 2022, 11:22 PM

sbassett added a subtask: T297754: CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector.Feb 1 2022, 4:00 PM

sbassett mentioned this in T297754: CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector.Feb 1 2022, 4:03 PM

Reedy updated the task description. (Show Details)Mar 20 2022, 12:44 PM

Reedy updated the task description. (Show Details)

Reedy updated the task description. (Show Details)

Reedy closed subtask T297571: CVE-2022-28201: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki as Resolved.Mar 20 2022, 12:46 PM

Reedy closed subtask T297754: CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector as Resolved.

Reedy added a subtask: T297543: CVE-2022-28202: Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.Mar 20 2022, 2:51 PM

Reedy updated the task description. (Show Details)Mar 20 2022, 3:23 PM

So the 3 patches apply fine on master/REL1_38/REL1_37.

The first two (not T297754: CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector) also apply to REL1_36/REL1_35. Need to poke at that one a bit further.

Looks like rMWb9c68590d68c: Use pagination on Special:Whatlinkshere based on offset/dir system is the cause of the conflict....

Reedy updated the task description. (Show Details)Mar 28 2022, 1:41 PM

Reedy updated the task description. (Show Details)Mar 30 2022, 6:06 PM

DannyS712 mentioned this in T305200: Tracking bug for MediaWiki 1.35.7/1.37.3/1.38.2.Mar 31 2022, 10:13 PM

Reedy closed this task as Resolved.Mar 31 2022, 11:03 PM

Reedy claimed this task.

Reedy triaged this task as Medium priority.

Reedy changed the visibility from "acl*security (Project)" to "Public (No Login Required)".

Reedy changed the edit policy from "acl*security (Project)" to "All Users".