This bug was fixed in the package mediawiki - 1:1.11.2-2ubuntu0.5

---------------
mediawiki (1:1.11.2-2ubuntu0.5) hardy-security; urgency=low

  * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF.
    An attacker who controls a user account on the target wiki can force
    the victim to login as the attacker, via a script on an external
    website.
    IMPORTANT: Fix includes a breaking change to the API login action.
    Any clients using it will need to be updated. (LP: #557159)
    - debian/patches/CSRF-no-CVE_rev-64680.patch
    - patch based on upstream SVN rev. 64680
    - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
    - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
    - CVE-2010-1150

 -- Andreas Wenning <a...@awen.dk>  Wed, 07 Apr 2010 12:08:55 +0200

--
1.15.3 security release: CSRF login vulnerability
https://bugs.launchpad.net/bugs/557159