[CVE-2010-1190] Data leakage vulnerability in thumb.php
Bug #603740 reported by
Andreas Wenning
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mediawiki (Debian) |
Fix Released
|
Undecided
|
Unassigned | ||
mediawiki (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned | ||
Jaunty |
Fix Released
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mediawiki
http://
From upstream announcement:
A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.
Lucid and onward fixed in 1:1.15.1-1ubuntu1
CVE References
visibility: | private → public |
Changed in mediawiki (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
As far as Karmic goes, the best thing might be to upload 1:1.15.3 or .4 since these are upstream's stable series anyway and include other security fixes.