Format: 1.8
Date: Sun, 19 Dec 2021 12:56:25 -0800
Source: mediawiki
Architecture: source
Version: 1:1.31.7-1ubuntu0.1
Distribution: focal-security
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Kunal Mehta <legoktm@debian.org>
Launchpad-Bugs-Fixed: 1955352
Changes:
 mediawiki (1:1.31.7-1ubuntu0.1) focal-security; urgency=high
 .
   * SECURITY UPDATE: Information leak and editing permissions bypass
     through various actions (LP: #1955352)
     - d/p/0002-SECURITY-Fix-permissions-checks-in-undo-action-CVE-2.patch:
       tighten and require edit checks on undo actions
     - d/p/0003-SECURITY-Require-read-right-for-most-actions.patch
       ensure "read" permission required on $wgWhitelistRead pages
     - CVE-2021-44858
Checksums-Sha1:
 f2068e5ce95566b9b2e44a79d8647815aa3193eb 2454 mediawiki_1.31.7-1ubuntu0.1.dsc
 207c082e80862ca9fc3c314d11f825ea9d5d165e 99720 mediawiki_1.31.7-1ubuntu0.1.debian.tar.xz
 d105e98ec08f7e81f19be9b88e762e7a6b37f91c 7225 mediawiki_1.31.7-1ubuntu0.1_source.buildinfo
Checksums-Sha256:
 bd5f8d88998c9cf0241309f52e729a8332b0836e88332cc46af2ff65a468a398 2454 mediawiki_1.31.7-1ubuntu0.1.dsc
 e63cd01bc40274e2f2ed50ab4a786b24370bcd668cf4cf4dd2b54771108b763d 99720 mediawiki_1.31.7-1ubuntu0.1.debian.tar.xz
 fe299679aa95de995a66418e2401d03de3fc65ac47ddc4029fa61a001bbf0993 7225 mediawiki_1.31.7-1ubuntu0.1_source.buildinfo
Files:
 1e4789b35794ad8b8ce6b447c1f18c48 2454 web optional mediawiki_1.31.7-1ubuntu0.1.dsc
 94392195aeaadf54605a0238673c6419 99720 web optional mediawiki_1.31.7-1ubuntu0.1.debian.tar.xz
 e567fbbe65dcfa0849097ec8d34b31c3 7225 web optional mediawiki_1.31.7-1ubuntu0.1_source.buildinfo
Original-Maintainer: Kunal Mehta <legoktm@debian.org>