[ubuntu/jaunty-security] mediawiki_1.13.3-1ubuntu2.3_armel_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.3_lpia_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.3_ia64_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.3_powerpc_translations.tar.gz, mediawiki, mediawiki_1.13.3-1ubuntu2.3_hppa_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.3_sparc_translations.tar.gz (delayed), mediawiki_1.13.3-1ubuntu2.3_i386_translations.tar.gz, mediawiki_1.13.3-1ubuntu2.3_amd64_translations.tar.gz 1:1.13.3-1ubuntu2.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jun 2 20:03:37 BST 2010


mediawiki (1:1.13.3-1ubuntu2.3) jaunty-security; urgency=low

  * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
    interface. Although regular logins are protected as of 1.15.3, it was
    discovered that the account creation and password reset features were not
    protected from CSRF. This could lead to unauthorised access to private
    wikis. (LP: #586773)
    - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
    - patch from upstream SVN rev. 66991
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
  * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
    allows attackers to construct CSS strings which are treated as safe by
    previous versions of MediaWiki, but are decoded to unsafe strings by
    Internet Explorer. (LP: #586773)
    - debian/patches/XSS-IE-no-CVE_rev-66992.patch
    - patch from upstream SVN rev. 66992
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Date: Mon, 31 May 2010 00:47:42 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/mediawiki/1:1.13.3-1ubuntu2.3
-------------- next part --------------
Format: 1.8
Date: Mon, 31 May 2010 00:47:42 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.13.3-1ubuntu2.3
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 586773 586773
Changes: 
 mediawiki (1:1.13.3-1ubuntu2.3) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
     interface. Although regular logins are protected as of 1.15.3, it was
     discovered that the account creation and password reset features were not
     protected from CSRF. This could lead to unauthorised access to private
     wikis. (LP: #586773)
     - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
     - patch from upstream SVN rev. 66991
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
   * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
     allows attackers to construct CSS strings which are treated as safe by
     previous versions of MediaWiki, but are decoded to unsafe strings by
     Internet Explorer. (LP: #586773)
     - debian/patches/XSS-IE-no-CVE_rev-66992.patch
     - patch from upstream SVN rev. 66992
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
Checksums-Sha1: 
 71c1eb9cab468cc9e723917ece3f808a25f7b65b 1382 mediawiki_1.13.3-1ubuntu2.3.dsc
 a6c67d25f704a5e6ce47fd37c226277da1b40876 56906 mediawiki_1.13.3-1ubuntu2.3.diff.gz
Checksums-Sha256: 
 fdb840b6c00be83bfc44607d7ccd718dbf45f718d16ccb18b3b9d3fb285ed431 1382 mediawiki_1.13.3-1ubuntu2.3.dsc
 130866170893f4ff2a0f63f36e29314a3fdde8c047500cdb554a827f63478c7f 56906 mediawiki_1.13.3-1ubuntu2.3.diff.gz
Files: 
 8610d71a77ec56cd7469dbd95ed76196 1382 web optional mediawiki_1.13.3-1ubuntu2.3.dsc
 2de364f4e0eac3d311eb4decced95ab1 56906 web optional mediawiki_1.13.3-1ubuntu2.3.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>

