Apr 30 2017

Yorick added a comment to T164155: new minor release needed for syntaxhighlight.

Thanks for taking these actions @Bawolff

Apr 30 2017, 6:00 AM · Security, Release

Apr 28 2017

Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

Fair enough, although I kinda got that :). My point is that a lot of people will use the tarball and will not get the fix (if they update at all). The fix is for example also not in Debian's version (https://sources.debian.net/src/mediawiki/1:1.27.2-1/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php/).

Apr 28 2017, 4:23 PM · Security, MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS

Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

@demon @Reedy how to proceed? The details of this issue are now public, yet the fix is not included in 1.28.1 & 1.27.2

Apr 28 2017, 6:49 AM · Security, MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS

Apr 18 2017

Yorick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

This issue is reported as fixed in 1.28.1 / 1.27.2, but I can't seem to find the fix.

Apr 18 2017, 8:25 AM · Security, MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS