[ubuntu/lucid-security] mediawiki_1.15.1-1ubuntu2.1_amd64_translations.tar.gz, mediawiki_1.15.1-1ubuntu2.1_armel_translations.tar.gz, mediawiki_1.15.1-1ubuntu2.1_ia64_translations.tar.gz, mediawiki, mediawiki_1.15.1-1ubuntu2.1_i386_translations.tar.gz, mediawiki_1.15.1-1ubuntu2.1_powerpc_translations.tar.gz, mediawiki_1.15.1-1ubuntu2.1_sparc_translations.tar.gz (delayed) 1:1.15.1-1ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jun 2 20:03:26 BST 2010


mediawiki (1:1.15.1-1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
    interface. Although regular logins are protected as of 1.15.3, it was
    discovered that the account creation and password reset features were not
    protected from CSRF. This could lead to unauthorised access to private
    wikis. (LP: #586773)
    - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
    - patch from upstream SVN rev. 66991
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
  * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
    allows attackers to construct CSS strings which are treated as safe by
    previous versions of MediaWiki, but are decoded to unsafe strings by
    Internet Explorer. (LP: #586773)
    - debian/patches/XSS-IE-no-CVE_rev-66992.patch
    - patch from upstream SVN rev. 66992
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Date: Mon, 31 May 2010 00:49:12 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mediawiki/1:1.15.1-1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Mon, 31 May 2010 00:49:12 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.1-1ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 586773 586773
Changes: 
 mediawiki (1:1.15.1-1ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
     interface. Although regular logins are protected as of 1.15.3, it was
     discovered that the account creation and password reset features were not
     protected from CSRF. This could lead to unauthorised access to private
     wikis. (LP: #586773)
     - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
     - patch from upstream SVN rev. 66991
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
   * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
     allows attackers to construct CSS strings which are treated as safe by
     previous versions of MediaWiki, but are decoded to unsafe strings by
     Internet Explorer. (LP: #586773)
     - debian/patches/XSS-IE-no-CVE_rev-66992.patch
     - patch from upstream SVN rev. 66992
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
Checksums-Sha1: 
 60cfed49c1662108208422bf1762cd0307b5cc27 1389 mediawiki_1.15.1-1ubuntu2.1.dsc
 db8d5ce314922b3188c4f9ffed1dd56f2b34a7e3 36189 mediawiki_1.15.1-1ubuntu2.1.diff.gz
Checksums-Sha256: 
 8629eb89c3caf8adb396e0ebddfe95f49da757e6378c8b12cdb302a3a7589d95 1389 mediawiki_1.15.1-1ubuntu2.1.dsc
 0771f47b1ace72f4408c34d893461ca0bf34129fc500d4aa6ffa11455f19d133 36189 mediawiki_1.15.1-1ubuntu2.1.diff.gz
Files: 
 70d2a2c8b1ae696de70cde3d82eda96a 1389 web optional mediawiki_1.15.1-1ubuntu2.1.dsc
 67ea49e9a5826a247cef3010dfe8dccf 36189 web optional mediawiki_1.15.1-1ubuntu2.1.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>

