* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch from upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
-- Andreas Wenning <email address hidden> Wed, 07 Apr 2010 11:46:10 +0200
This bug was fixed in the package mediawiki - 1:1.15.1-1ubuntu2
---------------
mediawiki (1:1.15.1-1ubuntu2) lucid; urgency=low
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch from upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
-- Andreas Wenning <email address hidden> Wed, 07 Apr 2010 11:46:10 +0200