mediawiki 1:1.12.0-2ubuntu0.2 source package in Ubuntu
Changelog
mediawiki (1:1.12.0-2ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE:
    - CVE-2008-5249
    - CVE-2008-5250
    - CVE-2008-5252
    - other security-related problems (see full patch description).
    - patch taken directly from Debian
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508870
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508869
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
  * debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch:
    - Fixed output escaping for reporting of non-MediaWiki exceptions.
      Potential XSS if an extension throws one of these with user input.
    - Avoid fatal error in profileinfo.php when not configured.
    - Fixed CSRF vulnerability in Special:Import. Fixed input validation in
      transwiki import feature.
    - Add a .htaccess to deleted images directory for additional protection
      against exposure of deleted files with known SHA-1 hashes on default
      installations.
    - Fixed XSS vulnerability for Internet Explorer clients, via file uploads
      which are interpreted by IE as HTML.
    - Fixed XSS vulnerability for clients with SVG scripting, on wikis where
      SVG uploads are enabled. Firefox 1.5+ is affected.
    - Avoid streaming uploaded files to the user via index.php. This allows
      security-conscious users to serve uploaded files via a different domain,
      and thus client-side scripts executed from that domain cannot access the
      login cookies. Affects Special:Undelete, img_auth.php and thumb.php.
    - When streaming files via index.php, use the MIME type detected from the
      file extension, not from the data. This reduces the XSS attack surface.
    - Blacklist redirects via Special:Filepath. Such redirects exacerbate any
      XSS vulnerabilities involving uploads of files containing scripts.

 -- Andreas Wenning <email address hidden>  Sun, 01 Feb 2009 08:53:13 +0100
Upload details
- Uploaded by: Andreas Wenning
- Sponsored by: Marc Deslauriers
- Uploaded to: Intrepid
- Original maintainer: MOTU
- Architectures: any
- Section: web
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mediawiki_1.12.0.orig.tar.gz | 6.9 MiB | 478b38b29f0f6e661b6c632f39e570d654f83c5069b69de2f187b43c20bc8809 |
mediawiki_1.12.0-2ubuntu0.2.diff.gz | 43.7 KiB | d9f8da875907c2980eab84c613d111165fbb75ae469ee37e81943493e5d2c124 |
mediawiki_1.12.0-2ubuntu0.2.dsc | 1.3 KiB | e92b47b7e24b2b4c85bd902ffa09515730146c40e6385a027a28d1454762a949 |
Binary packages built by this source
- mediawiki: No summary available for mediawiki in ubuntu intrepid.
No description available for mediawiki in ubuntu intrepid.
- mediawiki-math: No summary available for mediawiki-math in ubuntu intrepid.
No description available for mediawiki-math in ubuntu intrepid.