[go: nahoru, domu]
Page MenuHomePhabricator
Projects Vuln-DoS

Vuln-DoSTag
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers (1)

Details

Description

This tag is used to group security bugs by their general classification. These bugs cover denial of service (DoS) vulnerabilities.

Parent project: Security-Team

Recent Activity
View All

Sun, Aug 18

1234qwer1234qwer4 added a comment to T311360: RecentChanges timing out.
In T311360#8068029, @Ladsgroup wrote:

So if you remove that condition, it should be working again (until I find a fix for it).

Sun, Aug 18, 8:16 PM · MW-1.38-notes, MW-1.39-notes (1.39.0-wmf.18; 2022-06-27), Upstream, mariadb-optimizer-bug, Wikimedia-Slow-DB-Query, Performance-Team, DBA, Platform Engineering, Vuln-DoS, Wikimedia-production-error, Growth-Team, MediaWiki-Recent-changes

Mon, Aug 12

Novem_Linguae added a comment to T272297: User script on user subpage doesn't work after user rename.

This came up today at https://en.wikipedia.org/wiki/User_talk:Anne_drew/SetupAutoArchive#Page_move. It's a bit unintuitive for redirects generated by an official MediaWiki extension to not work. Hopefully the patch in this ticket can continue moving forward.

Mon, Aug 12, 3:16 AM · SecTeam-Processed, Security-Team, Patch-For-Review, MediaWiki-extensions-CentralAuth, JavaScript, MediaWiki-User-rename, MediaWiki-General, Vuln-DoS

Jul 10 2024

Legoktm added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Just to clarify, despite being disclosed and announced today, Gadgets is a bundled extension, so the fix was released as part of MediaWiki 1.39.8 / 1.40.4 / 1.41.2 / 1.42.1.

Jul 10 2024, 10:28 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
mmartorana closed T363773: CVE-2024-40613: Evil regex used to process gadget definitions as Resolved.
Jul 10 2024, 8:58 AM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
mmartorana changed the visibility for T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.
Jul 10 2024, 8:53 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security

Jul 8 2024

mmartorana renamed T363773: CVE-2024-40613: Evil regex used to process gadget definitions from Evil regex used to process gadget definitions to CVE-2024-40613: Evil regex used to process gadget definitions.
Jul 8 2024, 5:38 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
mmartorana renamed T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode from Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode to CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.
Jul 8 2024, 5:34 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security

Jun 4 2024

gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036653 merged by jenkins-bot:

[mediawiki/extensions/Gadgets@REL1_41] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036653

Jun 4 2024, 3:03 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036654 merged by jenkins-bot:

[mediawiki/extensions/Gadgets@REL1_40] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036654

Jun 4 2024, 3:03 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036652 merged by jenkins-bot:

[mediawiki/extensions/Gadgets@REL1_42] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036652

Jun 4 2024, 3:03 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036655 merged by jenkins-bot:

[mediawiki/extensions/Gadgets@REL1_39] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036655

Jun 4 2024, 3:02 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 28 2024

gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036655 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/extensions/Gadgets@REL1_39] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036655

May 28 2024, 2:31 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036654 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/extensions/Gadgets@REL1_40] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036654

May 28 2024, 2:29 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036653 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/extensions/Gadgets@REL1_41] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036653

May 28 2024, 2:29 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1036652 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/extensions/Gadgets@REL1_42] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1036652

May 28 2024, 2:28 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 27 2024

gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1030565 merged by jenkins-bot:

[mediawiki/extensions/Gadgets@master] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1030565

May 27 2024, 2:07 AM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 14 2024

gerritbot added a project to T363773: CVE-2024-40613: Evil regex used to process gadget definitions: Patch-For-Review.
May 14 2024, 9:08 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
gerritbot added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Change #1030565 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/extensions/Gadgets@master] SECURITY: Improve regular expression performance

https://gerrit.wikimedia.org/r/1030565

May 14 2024, 9:07 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
R4356th added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.
In T363773#9797030, @sbassett wrote:

A basic patch implementing @Bawolff's new regexp from above:

01-T363773.patch1 KBDownload

I feel like this is likely low-risk to where it could just go through gerrit since, to exploit this on Wikimedia projects, one would need to first compromise an int-admin account in order to edit MediaWiki:Gadgets-definition.

May 14 2024, 7:59 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
sbassett updated subscribers of T363773: CVE-2024-40613: Evil regex used to process gadget definitions.
May 14 2024, 7:42 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
sbassett changed the status of T363773: CVE-2024-40613: Evil regex used to process gadget definitions from Open to In Progress.
May 14 2024, 7:42 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
sbassett set Risk Rating to low on T363773: CVE-2024-40613: Evil regex used to process gadget definitions.
May 14 2024, 7:42 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
sbassett added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.
In T363773#9788169, @R4356th wrote:
In T363773#9783948, @mmartorana wrote:

If anyone wants to write a patch with @Bawolff enhanced regex to address these issues, we would be pleased to review it and deploy it.

I believe we could move ahead with this, @Bawolff.

May 14 2024, 7:42 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 13 2024

gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030973 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@REL1_39] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030973

May 13 2024, 3:57 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030972 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@REL1_40] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030972

May 13 2024, 3:57 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030884 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@REL1_41] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030884

May 13 2024, 3:42 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Dreamy_Jazz closed T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode as Resolved.
May 13 2024, 3:41 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Dreamy_Jazz moved T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.
May 13 2024, 3:35 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030973 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@REL1_39] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030973

May 13 2024, 3:35 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030972 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@REL1_40] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030972

May 13 2024, 3:34 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030878 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@REL1_42] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030878

May 13 2024, 11:12 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030884 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@REL1_41] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030884

May 13 2024, 11:05 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
kostajh edited projects for T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode, added: Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)); removed Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)).
May 13 2024, 9:27 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1030878 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@REL1_42] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1030878

May 13 2024, 9:23 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1026044 abandoned by Dreamy Jazz:

[mediawiki/extensions/CheckUser@REL1_39] Use IndexPager::mLimit for 'Timeline' mode SQL subquery limits

Reason:

https://gerrit.wikimedia.org/r/1026044

May 13 2024, 9:22 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1026043 abandoned by Dreamy Jazz:

[mediawiki/extensions/CheckUser@REL1_40] Use IndexPager::mLimit for 'Timeline' mode SQL subquery limits

Reason:

https://gerrit.wikimedia.org/r/1026043

May 13 2024, 9:22 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1026042 abandoned by Dreamy Jazz:

[mediawiki/extensions/CheckUser@REL1_41] Use IndexPager::mLimit for 'Timeline' mode SQL subquery limits

Reason:

https://gerrit.wikimedia.org/r/1026042

May 13 2024, 9:22 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1026041 abandoned by Dreamy Jazz:

[mediawiki/extensions/CheckUser@REL1_42] Use IndexPager::mLimit for 'Timeline' mode SQL subquery limits

Reason:

https://gerrit.wikimedia.org/r/1026041

May 13 2024, 9:22 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security

May 11 2024

R4356th added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Apologies for the late response.

May 11 2024, 9:42 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 9 2024

mmartorana added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

If anyone wants to write a patch with @Bawolff enhanced regex to address these issues, we would be pleased to review it and deploy it.

May 9 2024, 4:48 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 6 2024

sbassett moved T363773: CVE-2024-40613: Evil regex used to process gadget definitions from Incoming to Watching on the Security-Team board.
May 6 2024, 4:15 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
MoritzMuehlenhoff renamed T357760: CVE-2024-34506: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages from CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages to CVE-2024-34506: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.
May 6 2024, 10:22 AM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-1.41-notes, MW-1.40-notes, MW-1.39-notes, SecTeam-Processed, Patch-For-Review, MediaWiki-Page-rename, Vuln-DoS, Security, Security-Team

May 5 2024

Jdforrester-WMF added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Above removal done in fc7f21c9 local commit on the server. Re-downgrading and unmarking as a blocker.

May 5 2024, 8:04 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Jdforrester-WMF lowered the priority of T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode from Unbreak Now! to Medium.
May 5 2024, 8:03 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Jdforrester-WMF removed a parent task for T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode: T361398: 1.43.0-wmf.4 deployment blockers.
May 5 2024, 8:03 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security

May 3 2024

gerritbot added a comment to T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode.

Change #1026176 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Skip query in 'Timeline' mode if there are no filtered targets

https://gerrit.wikimedia.org/r/1026176

May 3 2024, 8:08 PM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Bawolff added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

I do wonder what the WMF's PCRE backtrack limit is, however.

May 3 2024, 6:01 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
R4356th added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.
In T363773#9762681, @Bawolff wrote:

A better version that i think is equivalent is:

/^==+ *([^*:\s|]+)\s*(?<!=)==+\s*$/

This is still vulnerable according to the redos checker (2nd order poly). However when i tried to actually test it, I wasn't able to really trigger a dos even when giving it 100's of mb of data.

May 3 2024, 4:58 PM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team

May 2 2024

Bawolff added a comment to T363773: CVE-2024-40613: Evil regex used to process gadget definitions.

Ah, i guess i was wrong here.

May 2 2024, 1:51 AM · Patch-For-Review, security-bug, SecTeam-Processed, MediaWiki-extensions-Gadgets, Vuln-DoS, Security, Security-Team
SecurityPatchBot raised the priority of T338419: CVE-2024-40609: Wikimedia\RequestTimeout\RequestTimeoutException on Special:Investigate timeline mode from Medium to Unbreak Now!.

Patch 01-T338419.patch is currently failing to apply for the most recent code in the mainline branch of extensions/CheckUser. This is blocking MediaWiki release 1.43.0-wmf.4(T361398)

May 2 2024, 12:01 AM · Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)), MW-1.42-notes, MW-1.43-notes (1.43.0-wmf.4; 2024-05-07), Patch-For-Review, Trust and Safety Product Team, SecTeam-Processed, CheckUser, Vuln-DoS, Security
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits