Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-security/mediawiki bug 2 Mature 2010-06-04 05:40:40 UTC
25. * SECURITY UPDATE: A CSRF vulnerabili...

Author: Andreas Wenning
Revision Date: 2010-05-31 00:49:12 UTC

* SECURITY UPDATE: A CSRF vulnerability was discovered in our login
  interface. Although regular logins are protected as of 1.15.3, it was
  discovered that the account creation and password reset features were not
  protected from CSRF. This could lead to unauthorised access to private
  wikis. (LP: #586773)
  - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
  - patch from upstream SVN rev. 66991
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
* SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
  allows attackers to construct CSS strings which are treated as safe by
  previous versions of MediaWiki, but are decoded to unsafe strings by
  Internet Explorer. (LP: #586773)
  - debian/patches/XSS-IE-no-CVE_rev-66992.patch
  - patch from upstream SVN rev. 66992
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

lp:ubuntu/lucid-updates/mediawiki 2 Mature 2010-06-04 05:40:37 UTC
25. * SECURITY UPDATE: A CSRF vulnerabili...

Author: Andreas Wenning
Revision Date: 2010-05-31 00:49:12 UTC

* SECURITY UPDATE: A CSRF vulnerability was discovered in our login
  interface. Although regular logins are protected as of 1.15.3, it was
  discovered that the account creation and password reset features were not
  protected from CSRF. This could lead to unauthorised access to private
  wikis. (LP: #586773)
  - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
  - patch from upstream SVN rev. 66991
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
* SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
  allows attackers to construct CSS strings which are treated as safe by
  previous versions of MediaWiki, but are decoded to unsafe strings by
  Internet Explorer. (LP: #586773)
  - debian/patches/XSS-IE-no-CVE_rev-66992.patch
  - patch from upstream SVN rev. 66992
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

lp:ubuntu/lucid/mediawiki bug 1 Development 2010-04-07 12:45:58 UTC
24. * SECURITY UPDATE: MediaWiki was foun...

Author: Andreas Wenning
Revision Date: 2010-04-07 11:46:10 UTC

* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
  attacker who controls a user account on the target wiki can force the
  victim to log in as the attacker, via a script on an external website.
  IMPORTANT: Fix includes a breaking change to the API login action. Any
  clients using it will need to be updated. (LP: #557159)
  - debian/patches/CSRF-no-CVE_rev-64680.patch
  - patch from upstream SVN rev. 64680
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
  - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
