mediawiki (1:1.15.1-1ubuntu3) maverick; urgency=low

  * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
    interface. Although regular logins are protected as of 1.15.3, it was
    discovered that the account creation and password reset features were not
    protected from CSRF. This could lead to unauthorised access to private
    wikis. (LP: #586773)
    - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
    - patch from upstream SVN rev. 66991
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
  * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
    allows attackers to construct CSS strings which are treated as safe by
    previous versions of MediaWiki, but are decoded to unsafe strings by
    Internet Explorer. (LP: #586773)
    - debian/patches/XSS-IE-no-CVE_rev-66992.patch
    - patch from upstream SVN rev. 66992
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

Date: Mon, 31 May 2010 00:49:46 +0200
Changed-By: Andreas Wenning <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/maverick/+source/mediawiki/1:1.15.1-1ubuntu3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 31 May 2010 00:49:46 +0200
Source: mediawiki
Binary: mediawiki mediawiki-math
Architecture: source
Version: 1:1.15.1-1ubuntu3
Distribution: maverick
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Andreas Wenning <[email protected]>
Description: 
 mediawiki  - website engine for collaborative work
 mediawiki-math - math rendering plugin for MediaWiki
Launchpad-Bugs-Fixed: 586773 586773
Changes: 
 mediawiki (1:1.15.1-1ubuntu3) maverick; urgency=low
 .
   * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
     interface. Although regular logins are protected as of 1.15.3, it was
     discovered that the account creation and password reset features were not
     protected from CSRF. This could lead to unauthorised access to private
     wikis. (LP: #586773)
     - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
     - patch from upstream SVN rev. 66991
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
   * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
     allows attackers to construct CSS strings which are treated as safe by
     previous versions of MediaWiki, but are decoded to unsafe strings by
     Internet Explorer. (LP: #586773)
     - debian/patches/XSS-IE-no-CVE_rev-66992.patch
     - patch from upstream SVN rev. 66992
     - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
     - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
Checksums-Sha1: 
 b3698ff4bafde8fcc8c4fd1415ae67276e572ff1 1343 mediawiki_1.15.1-1ubuntu3.dsc
 4b9a3aaf8526d3beb75631937fd2f43cddf1c801 35976 mediawiki_1.15.1-1ubuntu3.diff.gz
Checksums-Sha256: 
 f17d847631b8e36b9f30252a49a4c2c937cfb778abfe4ac30ca84ce23613eb63 1343 mediawiki_1.15.1-1ubuntu3.dsc
 87dca26b47923f4ff475f9b7f4f2d30aaa21c62ffe53632f142e29ad04447ded 35976 mediawiki_1.15.1-1ubuntu3.diff.gz
Files: 
 b041905209e39c45d158f0d144a79840 1343 web optional mediawiki_1.15.1-1ubuntu3.dsc
 2bf99e7d7bc9466e674340a06579b5e0 35976 web optional mediawiki_1.15.1-1ubuntu3.diff.gz
Original-Maintainer: Mediawiki Maintenance Team <[email protected]>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwC66IACgkQrqdIgAQM9uEABgCgsnh7RNtzzi+DOa7PTvNMjmkV
6+sAn1j116/aGQlmKPyByQCpmt8H806s
=c4Bw
-----END PGP SIGNATURE-----