[ubuntu/karmic-security] mediawiki_1.15.0-1.1ubuntu0.3_amd64_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.3_ia64_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.3_i386_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.3_lpia_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.3_armel_translations.tar.gz, mediawiki, mediawiki_1.15.0-1.1ubuntu0.3_powerpc_translations.tar.gz, mediawiki_1.15.0-1.1ubuntu0.3_sparc_translations.tar.gz (delayed) 1:1.15.0-1.1ubuntu0.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jun 2 20:03:31 BST 2010


mediawiki (1:1.15.0-1.1ubuntu0.3) karmic-security; urgency=low

  * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
    interface. Although regular logins are protected as of 1.15.3, it was
    discovered that the account creation and password reset features were not
    protected from CSRF. This could lead to unauthorised access to private
    wikis. (LP: #586773)
    - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
    - patch from upstream SVN rev. 66991
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
  * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
    allows attackers to construct CSS strings which are treated as safe by
    previous versions of MediaWiki, but are decoded to unsafe strings by
    Internet Explorer. (LP: #586773)
    - debian/patches/XSS-IE-no-CVE_rev-66992.patch
    - patch from upstream SVN rev. 66992
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Date: Mon, 31 May 2010 00:48:35 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/mediawiki/1:1.15.0-1.1ubuntu0.3
-------------- next part --------------
Format: 1.8
Date: Mon, 31 May 2010 00:48:35 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.0-1.1ubuntu0.3
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Changes: 
 mediawiki (1:1.15.0-1.1ubuntu0.3) karmic-security; urgency=low
 .
   * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
     interface. Although regular logins are protected as of 1.15.3, it was
     discovered that the account creation and password reset features were not
     protected from CSRF. This could lead to unauthorised access to private
     wikis. (LP: #586773)
     - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
     - patch from upstream SVN rev. 66991
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
   * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
     allows attackers to construct CSS strings which are treated as safe by
     previous versions of MediaWiki, but are decoded to unsafe strings by
     Internet Explorer. (LP: #586773)
     - debian/patches/XSS-IE-no-CVE_rev-66992.patch
     - patch from upstream SVN rev. 66992
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
Checksums-Sha1: 
 1346d5711d5483a7513e6b8aad67a47ecf8595a0 1393 mediawiki_1.15.0-1.1ubuntu0.3.dsc
 05f8b5ce043cab8efdd0a30e5e2f0953f9999dcd 35528 mediawiki_1.15.0-1.1ubuntu0.3.diff.gz
Checksums-Sha256: 
 98e9496baa15a969bbd31345a87cf39c754411a2801aad65c4756cc0ddb9e957 1393 mediawiki_1.15.0-1.1ubuntu0.3.dsc
 e2825f8e26d9918dbf3ee7d3ccdc857b994d05891d7c9ca2765a5381b9ecfa94 35528 mediawiki_1.15.0-1.1ubuntu0.3.diff.gz
Files: 
 c82fd5556c019171f7d68fda285dcc60 1393 web optional mediawiki_1.15.0-1.1ubuntu0.3.dsc
 bce7296bf54190aa8b5790e2433650a5 35528 web optional mediawiki_1.15.0-1.1ubuntu0.3.diff.gz
Launchpad-Bugs-Fixed: 586773 586773
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>

