* SECURITY UPDATE: CSS validation issue allowing external images to be included
into wikis where that is disallowed by conf. (LP: #537974)
- debian/patches/CSS-no-CVE_rev-63429.patch
- patch from upstream SVN rev. 63429
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
* SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
which restrict access to private files using eg. img_auth.php.
- debian/patches/DataLeakage-no-CVE_rev-63436.patch
- patch from upstream SVN rev. 63436
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
-- Andreas Wenning <email address hidden> Fri, 12 Mar 2010 12:06:25 +0100
This bug was fixed in the package mediawiki - 1:1.15.1-1ubuntu1
---------------
mediawiki (1:1.15.1-1ubuntu1) lucid; urgency=low
* SECURITY UPDATE: CSS validation issue allowing external images to be included patches/ CSS-no- CVE_rev- 63429.patch lists.wikimedia .org/pipermail/ mediawiki- announce/ 2010-March/ 000088. html patches/ DataLeakage- no-CVE_ rev-63436. patch lists.wikimedia .org/pipermail/ mediawiki- announce/ 2010-March/ 000088. html
into wikis where that is disallowed by conf. (LP: #537974)
- debian/
- patch from upstream SVN rev. 63429
- http://
* SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
which restrict access to private files using eg. img_auth.php.
- debian/
- patch from upstream SVN rev. 63436
- http://
-- Andreas Wenning <email address hidden> Fri, 12 Mar 2010 12:06:25 +0100