Legoktm has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/351099 )
Change subject: Actually apply the patch for CVE-2017-0372
......................................................................

Actually apply the patch for CVE-2017-0372

Change-Id: Ie2ebebab8787049cb03898acf0205ca04b97df38
---
M debian/changelog
A debian/patches/CVE-2017-0372.diff
M debian/patches/series
3 files changed, 36 insertions(+), 0 deletions(-)

git pull ssh://gerrit.wikimedia.org:29418/mediawiki/debian refs/changes/99/351099/1

diff --git a/debian/changelog b/debian/changelog
index 6db2cc8..2abd306 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+mediawiki (1:1.27.2-2) unstable; urgency=medium
+
+ * Actually include fix for CVE-2017-0372, it was missed in the
+ 1.27.2 release.
+
+ -- Kunal Mehta <[email protected]> Sat, 29 Apr 2017 21:02:35 -0700
+
 mediawiki (1:1.27.2-1) unstable; urgency=medium
 
 * Improve NEWS file (Closes: #852862, #854352)
diff --git a/debian/patches/CVE-2017-0372.diff b/debian/patches/CVE-2017-0372.diff
new file mode 100644
index 0000000..30164fa
--- /dev/null
+++ b/debian/patches/CVE-2017-0372.diff
@@ -0,0 +1,28 @@
+From a88c5e1dcbdb3e9940c6f55a6744c62a6d62710f Mon Sep 17 00:00:00 2001
+From: Reedy <[email protected]>
+Date: Tue, 21 Feb 2017 19:20:16 +0000
+Subject: [PATCH] SECURITY: Escape start argument before passing to pygments
+
+Issue identified by Yorick Koster
+
+Bug: T158689
+Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
+---
+ SyntaxHighlight_GeSHi.class.php | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
+index 5381351..c722c1a 100644
+--- a/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
++++ b/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
+@@ -263,8 +263,8 @@ public static function highlight( $code, $lang = null, $args = array() ) {
+ }
+
+ // Starting line number
+- if ( isset( $args['start'] ) ) {
+- $options['linenostart'] = $args['start'];
++ if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) {
++ $options['linenostart'] = (int)$args['start'];
+ }
+
+ if ( $inline ) {
diff --git a/debian/patches/series b/debian/patches/series
index 6ba5991..e5d086c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 debian_installer_overrides.diff
 pear-phail-fail-shebang.diff
 php-jwt-fix-shebang.diff
+CVE-2017-0372.diff

-- 
To view, visit https://gerrit.wikimedia.org/r/351099
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie2ebebab8787049cb03898acf0205ca04b97df38
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/debian
Gerrit-Branch: master
Gerrit-Owner: Legoktm <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
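Review bot: The embedded patch's `diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php` header still names the upstream in-extension path, while the `---`/`+++` lines below it were rewritten to `extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php` for the tarball layout; quilt and patch follow the `---`/`+++` lines so it applies, but tools that trust the `diff --git` header can report an inconsistent filename, so that header line should be rewritten to the same `extensions/...` path. Since the header was edited anyway, a DEP-3 `Origin: upstream, <URL of upstream commit a88c5e1dcbdb3e9940c6f55a6744c62a6d62710f>` line together with the CVE identifier in the patch description would record where the fix came from and why it is carried. On the fix itself, `ctype_digit()` given an int rather than a string interprets the value as an ASCII code point, so the guard only rejects non-numeric input reliably when `$args['start']` is a string; that is presumably true for parser-tag attributes, but the callers are not visible here, and the enclosing `highlight()` body extends outside the hunk.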
