[ubuntu/jaunty-security] mediawiki_1.13.3-1ubuntu2.2_hppa_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.2_lpia_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.2_armel_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.2_sparc_translations.tar.gz (delayed), mediawiki_1.13.3-1ubuntu2.2_amd64_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.2_ia64_translations.tar.gz, mediawiki, mediawiki_1.13.3-1ubuntu2.2_i386_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.2_powerpc_translations.tar.gz 1:1.13.3-1ubuntu2.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Apr 8 21:03:33 BST 2010


mediawiki (1:1.13.3-1ubuntu2.2) jaunty-security; urgency=low

  * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
    attacker who controls a user account on the target wiki can force the
    victim to login as the attacker, via a script on an external website.
    IMPORTANT: Fix includes a breaking change to the API login action. Any
    clients using it will need to be updated. (LP: #557159)
    - debian/patches/CSRF-no-CVE_rev-64680.patch
    - patch based on upstream SVN rev. 64680
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
    - CVE-2010-1150

Date: Wed, 07 Apr 2010 11:56:59 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/mediawiki/1:1.13.3-1ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Apr 2010 11:56:59 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.13.3-1ubuntu2.2
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 557159
Changes: 
 mediawiki (1:1.13.3-1ubuntu2.2) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
     attacker who controls a user account on the target wiki can force the
     victim to login as the attacker, via a script on an external website.
     IMPORTANT: Fix includes a breaking change to the API login action. Any
     clients using it will need to be updated. (LP: #557159)
     - debian/patches/CSRF-no-CVE_rev-64680.patch
     - patch based on upstream SVN rev. 64680
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
     - CVE-2010-1150
Checksums-Sha1: 
 6f907ecf6981aafaf1cff529181e9f32b610507e 1344 mediawiki_1.13.3-1ubuntu2.2.dsc
 a0df2a9d58cdf7be39c7b7b71ff1d6046d030f1b 53903 mediawiki_1.13.3-1ubuntu2.2.diff.gz
Checksums-Sha256: 
 1219cf2bbb347903c3e20ab66f434e29295741c76ca50e200fdb4f30d828a6ee 1344 mediawiki_1.13.3-1ubuntu2.2.dsc
 eb389ec5148d2721d6cfc51beee9702a245e969c7d383944266cd9c523199d5a 53903 mediawiki_1.13.3-1ubuntu2.2.diff.gz
Files: 
 51a0febba97c8041b514e21c3ac1b764 1344 web optional mediawiki_1.13.3-1ubuntu2.2.dsc
 bd4299d40a840cbfcc783aa6ca222e5e 53903 web optional mediawiki_1.13.3-1ubuntu2.2.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>


More information about the Jaunty-changes mailing list