[ubuntu/karmic-security] mediawiki_1.15.0-1.1ubuntu0.2_powerpc_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.2_ia64_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.2_lpia_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.2_armel_translations.tar.gz, mediawiki, mediawiki_1.15.0-1.1ubuntu0.2_sparc_translations.tar.gz (delayed), mediawiki_1.15.0-1.1ubuntu0.2_i386_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.2_amd64_translations.tar.gz 1:1.15.0-1.1ubuntu0.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Apr 8 21:03:24 BST 2010
mediawiki (1:1.15.0-1.1ubuntu0.2) karmic-security; urgency=low
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch from upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
- CVE-2010-1150
Date: Wed, 07 Apr 2010 11:52:21 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/mediawiki/1:1.15.0-1.1ubuntu0.2
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Apr 2010 11:52:21 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.0-1.1ubuntu0.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Changes:
mediawiki (1:1.15.0-1.1ubuntu0.2) karmic-security; urgency=low
.
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch from upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
- CVE-2010-1150
Checksums-Sha1:
1722aa9e1ec0647238a5ec816938202dc33078b6 1355 mediawiki_1.15.0-1.1ubuntu0.2.dsc
02bf1a36555ade469a71de6baa1383f38d07cb8b 32993 mediawiki_1.15.0-1.1ubuntu0.2.diff.gz
Checksums-Sha256:
a06bea11146b2bee2d90244193b62f0f6131aa7852ebe4eef270d349da7a9250 1355 mediawiki_1.15.0-1.1ubuntu0.2.dsc
88e2e5026b0d7eab36bab7acdfbcfdb8359f5e8919a548dd93c27da867e58317 32993 mediawiki_1.15.0-1.1ubuntu0.2.diff.gz
Files:
d48d9a5e68d4ebd58f10ecc533e63316 1355 web optional mediawiki_1.15.0-1.1ubuntu0.2.dsc
3ea231bf5728b2af73c63923827e8703 32993 web optional mediawiki_1.15.0-1.1ubuntu0.2.diff.gz
Launchpad-Bugs-Fixed: 557159
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
More information about the Karmic-changes
mailing list