[ubuntu/maverick] mediawiki 1:1.15.1-1ubuntu3 (Accepted)
Andreas Wenning
awen at awen.dk
Mon May 31 00:00:20 BST 2010
mediawiki (1:1.15.1-1ubuntu3) maverick; urgency=low

  * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
    interface. Although regular logins are protected as of 1.15.3, it was
    discovered that the account creation and password reset features were not
    protected from CSRF. This could lead to unauthorised access to private
    wikis. (LP: #586773)
    - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
    - patch from upstream SVN rev. 66991
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
  * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
    allows attackers to construct CSS strings which are treated as safe by
    previous versions of MediaWiki, but are decoded to unsafe strings by
    Internet Explorer. (LP: #586773)
    - debian/patches/XSS-IE-no-CVE_rev-66992.patch
    - patch from upstream SVN rev. 66992
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Date: Mon, 31 May 2010 00:49:46 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/mediawiki/1:1.15.1-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 31 May 2010 00:49:46 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.1-1ubuntu3
Distribution: maverick
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description:
mediawiki - website engine for collaborative work
mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 586773 586773
Changes:
mediawiki (1:1.15.1-1ubuntu3) maverick; urgency=low
.
* SECURITY UPDATE: A CSRF vulnerability was discovered in our login
interface. Although regular logins are protected as of 1.15.3, it was
discovered that the account creation and password reset features were not
protected from CSRF. This could lead to unauthorised access to private
wikis. (LP: #586773)
- debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
- patch from upstream SVN rev. 66991
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
* SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
allows attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. (LP: #586773)
- debian/patches/XSS-IE-no-CVE_rev-66992.patch
- patch from upstream SVN rev. 66992
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
Checksums-Sha1:
b3698ff4bafde8fcc8c4fd1415ae67276e572ff1 1343 mediawiki_1.15.1-1ubuntu3.dsc
4b9a3aaf8526d3beb75631937fd2f43cddf1c801 35976 mediawiki_1.15.1-1ubuntu3.diff.gz
Checksums-Sha256:
f17d847631b8e36b9f30252a49a4c2c937cfb778abfe4ac30ca84ce23613eb63 1343 mediawiki_1.15.1-1ubuntu3.dsc
87dca26b47923f4ff475f9b7f4f2d30aaa21c62ffe53632f142e29ad04447ded 35976 mediawiki_1.15.1-1ubuntu3.diff.gz
Files:
b041905209e39c45d158f0d144a79840 1343 web optional mediawiki_1.15.1-1ubuntu3.dsc
2bf99e7d7bc9466e674340a06579b5e0 35976 web optional mediawiki_1.15.1-1ubuntu3.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwC66IACgkQrqdIgAQM9uEABgCgsnh7RNtzzi+DOa7PTvNMjmkV
6+sAn1j116/aGQlmKPyByQCpmt8H806s
=c4Bw
-----END PGP SIGNATURE-----