This bug was fixed in the package mediawiki - 1:1.15.1-1ubuntu2
---------------
mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to log in as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch from upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
-- Andreas Wenning <[email protected]> Wed, 07 Apr 2010 11:46:10 +0200
** Changed in: mediawiki (Ubuntu Lucid)
Status: Fix Committed => Fix Released
** Bug watch added: MediaWiki bug tracker #23076
https://bugzilla.wikipedia.org/show_bug.cgi?id=23076
--
1.15.3 security release: CSRF login vulnerability
https://bugs.launchpad.net/bugs/557159