Change logs for mediawiki source package in Jaunty

  • mediawiki (1:1.13.3-1ubuntu2.4) jaunty-security; urgency=low
    
      * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
        which restrict access to private files using e.g. img_auth.php.
        - CVE-2010-1190
        - debian/patches/DataLeakage-CVE-2010-1190.patch
        - patch from upstream SVN rev. 63436
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
        - LP: #603740
     -- Andreas Wenning <email address hidden>   Fri, 09 Jul 2010 22:26:21 +0200
  • mediawiki (1:1.13.3-1ubuntu2.3) jaunty-security; urgency=low
    
      * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
        interface. Although regular logins are protected as of 1.15.3, it was
        discovered that the account creation and password reset features were not
        protected from CSRF. This could lead to unauthorised access to private
        wikis. (LP: #586773)
        - debian/patches/CSRF-Special-Userlogin-no-CVE_rev-66991.patch
        - patch from upstream SVN rev. 66991
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
        - https://bugzilla.wikimedia.org/show_bug.cgi?id=23371
      * SECURITY UPDATE: Noncompliant CSS parsing behaviour in Internet Explorer
        allows attackers to construct CSS strings which are treated as safe by
        previous versions of MediaWiki, but are decoded to unsafe strings by
        Internet Explorer. (LP: #586773)
        - debian/patches/XSS-IE-no-CVE_rev-66992.patch
        - patch from upstream SVN rev. 66992
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
        - https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
     -- Andreas Wenning <email address hidden>   Mon, 31 May 2010 00:47:42 +0200
  • mediawiki (1:1.13.3-1ubuntu2.2) jaunty-security; urgency=low
    
      * SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
        attacker who controls a user account on the target wiki can force the
        victim to log in as the attacker, via a script on an external website.
        IMPORTANT: Fix includes a breaking change to the API login action. Any
        clients using it will need to be updated. (LP: #557159)
        - debian/patches/CSRF-no-CVE_rev-64680.patch
        - patch based on upstream SVN rev. 64680
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
        - https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
        - CVE-2010-1150
     -- Andreas Wenning <email address hidden>   Wed, 07 Apr 2010 11:56:59 +0200
  • mediawiki (1:1.13.3-1ubuntu2.1) jaunty-security; urgency=low
    
      * SECURITY UPDATE: CSS validation issue allowing external images to be included
        into wikis where that is disallowed by conf. (LP: #537974)
        - debian/patches/CSS-no-CVE_rev-63429.patch
        - patch from upstream SVN rev. 63429
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
     -- Andreas Wenning <email address hidden>   Fri, 12 Mar 2010 11:51:52 +0100
  • mediawiki (1:1.13.3-1ubuntu2) jaunty; urgency=low
    
      * SECURITY UPDATE: Multiple cross-site scripting (XSS) vulnerabilities in
        the web-based installer (config/index.php). (LP: #348858)
        - CVE-2009-0737
        - debian/patches/CVE-2009-0737.patch
        - patch based on upstream patches for 1.13.4 and 1.13.5
        - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514547
        - http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html
    
     -- Andreas Wenning <email address hidden>   Thu, 26 Mar 2009 09:25:16 +0100
  • mediawiki (1:1.13.3-1ubuntu1) jaunty; urgency=low
    
      * includes/mime.types: Add mimetypes for opendocument files (LP: #314220).
    
     -- Thomas Bechtold <email address hidden>   Sat, 21 Feb 2009 15:49:26 +0100
  • mediawiki (1:1.13.3-1) unstable; urgency=low
    
      * New upstream release.
      * Fix CVE-2008-5249: XSS vulnerability in MediaWiki:
      "An XSS vulnerability affecting all MediaWiki installations between
       1.13.0 and 1.13.2." 
      Closes: #508868
      * Fix CVE-2008-5250: several local script injection vulnerabilities
        in MediaWiki:
      "o A local script injection vulnerability affecting Internet Explorer
         clients for all MediaWiki installations with uploads enabled.
       o A local script injection vulnerability affecting clients with SVG
         scripting capability (such as Firefox 1.5+), for all MediaWiki
         installations with SVG uploads enabled."
      Closes: #508869
      * Fix CVE-2008-5252: CSRF vulnerability affecting the Special:Import 
        feature in MediaWiki:
      "A CSRF vulnerability affecting the Special:Import feature, for all
       MediaWiki installations since the feature was introduced in 1.3.0."
      Closes: #508870
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon, 22 Dec 2008 12:45:24 +0000
  • mediawiki (1:1.13.2-1) unstable; urgency=low
    
      * New upstream release
      * Fix CVE-2008-4408: XSS in mediawiki:
        "Cross-site scripting (XSS) vulnerability allows remote attackers
         to inject arbitrary web script or HTML via the useskin parameter 
         to an unspecified component." 
      Closes: #501115
    
    mediawiki (1:1.13.0-2) unstable; urgency=low
    
      * Removed buggy postgresql patch
      Closes: #497042
    
    mediawiki (1:1.13.0-1) unstable; urgency=low
    
      * New upstream release
      * Fixed watch file. Closes: #490009
      * Refreshed patches
      * Bumped standard-version to 3.8.0
      * Fixed latex-related dependencies in mediawiki-math
      * Removed obsolete linda override, thanks lintian!
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Wed, 05 Nov 2008 10:40:53 +0000
  • mediawiki (1:1.12.0-2) unstable; urgency=low
    
      * Fixed postgresql dependency
      Closes: #472987
      * Added instructions to install and upgrade
      Closes: #472990, #472831
    
    mediawiki (1:1.12.0-1) unstable; urgency=low
    
      * New upstream release
      * Updated patch for postfix support: dropped what 
        has been implemented upstream
      * Refreshed other patches, thanks to quilt
      * Changed postgresql recommends to "postgresql" package
      Closes: #469582
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Fri, 02 May 2008 02:18:54 +0100