mediawiki 1:1.15.4-1 source package in Ubuntu
Changelog
mediawiki (1:1.15.4-1) unstable; urgency=high [ Jonathan Wiltshire ] * New upstream security release (closes: #585918). * CVE-2010-1647: Fix a cross-site scripting (XSS) vulnerability which allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer. * CVE-2010-1648: Fix a cross-site request forgery (CSRF) vulnerability in the login interface which allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form. [ Romain Beauxis ] * Put debian's package version in declared version. Should help sysadmins to keep track of installed versions, in particular with regard to security updates. * Added Jonathan Wiltshire to uploaders. * Do not clan math dir if it does not exist (for instance when running clean from SVN). mediawiki (1:1.15.3-1) unstable; urgency=high * New upstream release. * Fixes security issue: "MediaWiki was found to be vulnerable to login CSRF. An attacker who controls a user account on the target wiki can force the victim to log in as the attacker, via a script on an external website. If the wiki is configured to allow user scripts, say with "$wgAllowUserJs = true" in LocalSettings.php, then the attacker can proceed to mount a phishing-style attack against the victim to obtain their password." mediawiki (1:1.15.2-1) unstable; urgency=high * New upstream release. * Fixes security issue: "Two security issues were discovered: A CSS validation issue was discovered which allows editors to display external images in wiki pages. This is a privacy concern on public wikis, since a malicious user may link to an image on a server they control, which would allow that attacker to gather IP addresses and other information from users of the public wiki. All sites running publicly-editable MediaWiki installations are advised to upgrade. All versions of MediaWiki (prior to this one) are affected. A data leakage vulnerability was discovered in thumb.php which affects wikis which restrict access to private files using img_auth.php, or some similar scheme. All versions of MediaWiki since 1.5 are affected." * Updated standards. * Removed section about upgrading from mediawiki1.x packages in README.Debian since they do not exist in any supported distribution anymore. * Switched php5-gd and imagemagick in Suggests. Closes: #542008 * Backported patch from revision 51083 to fix a bug with invalid titles. Closes: #537134 * Backported patch from revision 61090 to add a unique guid per RSS feed element. Closes: #383130 * Refreshed patches. -- Andreas Wenning <email address hidden> Tue, 22 Jun 2010 17:58:17 +0100
Upload details
- Uploaded by:
- Andreas Wenning
- Uploaded to:
- Maverick
- Original maintainer:
- Mediawiki Maintainance Team
- Architectures:
- any
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mediawiki_1.15.4.orig.tar.gz | 11.0 MiB | c9ef415f13efc6b450276d0e7d0d488f4a113bf9c999f411ebb12b0b693a8eae |
mediawiki_1.15.4-1.diff.gz | 30.6 KiB | 635e941adc932a099bd6582efc4c5c45ddc047003fd77ca16e7eebe994bc164a |
mediawiki_1.15.4-1.dsc | 1.5 KiB | 2ae5b6dbcd2d1bb23c6c2b38a0b246ef476474e7333dcaacafd93ce92d46effb |
Available diffs
Binary packages built by this source
- mediawiki: No summary available for mediawiki in ubuntu maverick.
No description available for mediawiki in ubuntu maverick.
- mediawiki-math: No summary available for mediawiki-math in ubuntu maverick.
No description available for mediawiki-math in ubuntu maverick.