Sorry, me misreading the mediawiki bug tracker. This is not CVE-2014-2665, but the fix for that CVE broke the password recovery function it is intended to protect: http://www.mediawiki.org/wiki/Thread:Project:Support_desk/Session_Hijacking_error_after_Update_1.19.14
But still, the mediawiki package is unpatched for CVE-2014-3966, CVE-2014-5243 and CVE-2014-5241, all of which are fixed in the utopic package.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3966

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-5241

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-5243

--
https://bugs.launchpad.net/bugs/1370227

Title:
  Mediawiki package vulnerable to CVE-2014-2665

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
