[ubuntu/lucid] mediawiki 1:1.15.1-1ubuntu2 (Accepted)

Wed, 07 Apr 2010 05:31:56 -0700 

mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
    attacker who controls a user account on the target wiki can force the
    victim to login as the attacker, via a script on an external website.
    IMPORTANT: Fix includes a breaking change to the API login action. Any
    clients using it will need to be updated. (LP: #557159)
    - debian/patches/CSRF-no-CVE_rev-64680.patch
    - patch from upstream SVN rev. 64680
    - 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Date: Wed, 07 Apr 2010 11:46:10 +0200
Changed-By: Andreas Wenning <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/mediawiki/1:1.15.1-1ubuntu2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Apr 2010 11:46:10 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.1-1ubuntu2
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Andreas Wenning <[email protected]>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Changes: 
 mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low
 .
   * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
     attacker who controls a user account on the target wiki can force the
     victim to login as the attacker, via a script on an external website.
     IMPORTANT: Fix includes a breaking change to the API login action. Any
     clients using it will need to be updated. (LP: #557159)
     - debian/patches/CSRF-no-CVE_rev-64680.patch
     - patch from upstream SVN rev. 64680
     - 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
Checksums-Sha1: 
 8f12ad2575f5d7b0e0bbbdd5907f37f73eb1eaee 1342 mediawiki_1.15.1-1ubuntu2.dsc
 9f87420360d8257d91e104478373ea383b5edc91 33943 
mediawiki_1.15.1-1ubuntu2.diff.gz
Checksums-Sha256: 
 737a60bf9e44c55990ceee85ab82d365b4301428c5ad517d2f1a9e5a1e212804 1342 
mediawiki_1.15.1-1ubuntu2.dsc
 d5401399268159953131a5e89a513d37072e21dba3e72dd778e228b210c6c236 33943 
mediawiki_1.15.1-1ubuntu2.diff.gz
Files: 
 5332a83fea29456cf4b91519dd7ad23b 1342 web optional 
mediawiki_1.15.1-1ubuntu2.dsc
 2fdd0da58f5252fe79dc2c3d8c987cec 33943 web optional 
mediawiki_1.15.1-1ubuntu2.diff.gz
Launchpad-Bugs-Fixed: 557159
Original-Maintainer: Mediawiki Maintenance Team 
<[email protected]>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAku8VXMACgkQrqdIgAQM9uGRPwCdHmqMPaFEiEaL8m6ZFwREwVVK
FFwAoKaaPnWuQUDqgp8SWLUxorYSp8Rn
=Jqwm
-----END PGP SIGNATURE-----

-- 
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

Reply via email to