[ubuntu/lucid] mediawiki 1:1.15.1-1ubuntu2 (Accepted)

Andreas Wenning awen at awen.dk
Wed Apr 7 13:31:28 BST 2010 

mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
    attacker who controls a user account on the target wiki can force the
    victim to login as the attacker, via a script on an external website.
    IMPORTANT: Fix includes a breaking change to the API login action. Any
    clients using it will need to be updated. (LP: #557159)
    - debian/patches/CSRF-no-CVE_rev-64680.patch
    - patch from upstream SVN rev. 64680
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Date: Wed, 07 Apr 2010 11:46:10 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mediawiki/1:1.15.1-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Apr 2010 11:46:10 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.1-1ubuntu2
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Changes: 
 mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low
 .
   * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
     attacker who controls a user account on the target wiki can force the
     victim to login as the attacker, via a script on an external website.
     IMPORTANT: Fix includes a breaking change to the API login action. Any
     clients using it will need to be updated. (LP: #557159)
     - debian/patches/CSRF-no-CVE_rev-64680.patch
     - patch from upstream SVN rev. 64680
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
Checksums-Sha1: 
 8f12ad2575f5d7b0e0bbbdd5907f37f73eb1eaee 1342 mediawiki_1.15.1-1ubuntu2.dsc
 9f87420360d8257d91e104478373ea383b5edc91 33943 mediawiki_1.15.1-1ubuntu2.diff.gz
Checksums-Sha256: 
 737a60bf9e44c55990ceee85ab82d365b4301428c5ad517d2f1a9e5a1e212804 1342 mediawiki_1.15.1-1ubuntu2.dsc
 d5401399268159953131a5e89a513d37072e21dba3e72dd778e228b210c6c236 33943 mediawiki_1.15.1-1ubuntu2.diff.gz
Files: 
 5332a83fea29456cf4b91519dd7ad23b 1342 web optional mediawiki_1.15.1-1ubuntu2.dsc
 2fdd0da58f5252fe79dc2c3d8c987cec 33943 web optional mediawiki_1.15.1-1ubuntu2.diff.gz
Launchpad-Bugs-Fixed: 557159
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAku8VXMACgkQrqdIgAQM9uGRPwCdHmqMPaFEiEaL8m6ZFwREwVVK
FFwAoKaaPnWuQUDqgp8SWLUxorYSp8Rn
=Jqwm
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list