[ubuntu/intrepid-security] mediawiki_1.12.0-2ubuntu0.5_amd64_translations.tar.gz, mediawiki_1.12.0-2ubuntu0.5_sparc_translations.tar.gz (delayed), mediawiki_1.12.0-2ubuntu0.5_hppa_translations.tar.gz, mediawiki, mediawiki_1.12.0-2ubuntu0.5_ia64_translations.tar.gz, mediawiki_1.12.0-2ubuntu0.5_i386_translations.tar.gz, mediawiki_1.12.0-2ubuntu0.5_powerpc_translations.tar.gz, mediawiki_1.12.0-2ubuntu0.5_lpia_translations.tar.gz 1:1.12.0-2ubuntu0.5 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Apr 8 21:03:54 BST 2010
mediawiki (1:1.12.0-2ubuntu0.5) intrepid-security; urgency=low
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch based on upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
- CVE-2010-1150
Date: Wed, 07 Apr 2010 11:56:02 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/mediawiki/1:1.12.0-2ubuntu0.5
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Apr 2010 11:56:02 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.12.0-2ubuntu0.5
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 557159
Changes:
mediawiki (1:1.12.0-2ubuntu0.5) intrepid-security; urgency=low
.
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch based on upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
- CVE-2010-1150
Checksums-Sha1:
d4c822c907e717d18b1011cc4e2b5b4b80ceae41 1344 mediawiki_1.12.0-2ubuntu0.5.dsc
8f38548caa047613555a5ef8b3616ae15c88c6ce 62759 mediawiki_1.12.0-2ubuntu0.5.diff.gz
Checksums-Sha256:
9b237acedf3998cdd289c3791293d0baa5b22f831b8b956a55da78de3a2edf48 1344 mediawiki_1.12.0-2ubuntu0.5.dsc
87fdc5a0dfdb2ab446b87d48ee180ff4d3b0a2704e2e947be1a3b346bbf89722 62759 mediawiki_1.12.0-2ubuntu0.5.diff.gz
Files:
9f93e8505e38c03eef643f33fa7cbe10 1344 web optional mediawiki_1.12.0-2ubuntu0.5.dsc
5db9f52d2bb060943d41f2bbf6df1229 62759 web optional mediawiki_1.12.0-2ubuntu0.5.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
More information about the Intrepid-changes
mailing list