MediaWiki

Bug #697451
Activity log

Activity log for bug #697451

Date	Who	What changed	Old value	New value	Message
2011-01-04 23:34:50	Jonathan Wiltshire	bug			added bug
2011-01-04 23:34:50	Jonathan Wiltshire	attachment added		CVE-2011-0003.patch https://bugs.launchpad.net/bugs/697451/+attachment/1783716/+files/CVE-2011-0003.patch
2011-01-04 23:36:44	Jonathan Wiltshire	bug watch added		https://bugzilla.wikipedia.org/show_bug.cgi?id=26561
2011-01-04 23:36:44	Jonathan Wiltshire	bug task added		mediawiki
2011-01-04 23:37:14	Jonathan Wiltshire	description	Binary package hint: mediawiki A clickjacking vulnerability was reported in MediaWiki [1]. This could allow a malicious web site to compromise the account of the user visiting a MediaWiki-based web site (an attack similar to cross-site scripting). For full protection, a user needs to be using a browser that supports the X-Frame-Options feature [2]. MediaWiki 1.16.1 [3] has been released to correct this flaw. For MediaWiki 1.15.x and earlier, a patch [4] is available which denies all framing. [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=CVE-2011-0003 [2] https://developer.mozilla.org/en/the_x-frame-options_response_header [3] http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_1/phase3/RELEASE-NOTES [4] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/79566	Binary package hint: mediawiki A clickjacking vulnerability was reported in MediaWiki [1]. This could allow a malicious web site to compromise the account of the user visiting a MediaWiki-based web site (an attack similar to cross-site scripting). For full protection, a user needs to be using a browser that supports the X-Frame-Options feature [2]. MediaWiki 1.16.1 [3] has been released to correct this flaw. For MediaWiki 1.15.x and earlier, a patch [4] is available which denies all framing. [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0003 [2] https://developer.mozilla.org/en/the_x-frame-options_response_header [3] http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_1/phase3/RELEASE-NOTES [4] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/79566
2011-01-04 23:38:01	Jonathan Wiltshire	bug watch added		https://bugzilla.redhat.com/show_bug.cgi?id=667201
2011-01-04 23:38:01	Jonathan Wiltshire	bug task added		mediawiki (Fedora)
2011-01-04 23:40:07	Jonathan Wiltshire	bug task added		mediawiki (Debian)
2011-01-04 23:40:21	Jonathan Wiltshire	mediawiki (Debian): status	New	In Progress
2011-01-05 13:57:26	Jonathan Wiltshire	bug watch added		https://bugzilla.wikipedia.org/show_bug.cgi?id=26561
2011-01-10 09:43:16	Jonathan Wiltshire	mediawiki (Debian): status	In Progress	Fix Released
2011-01-10 09:43:21	Jonathan Wiltshire	mediawiki (Ubuntu): status	New	In Progress
2011-01-10 09:54:48	Jonathan Wiltshire	bug watch added		https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
2011-01-10 09:56:34	Jonathan Wiltshire	cve linked		2011-0003
2011-01-11 21:00:41	Jamie Strandboge	visibility	private	public
2011-01-11 21:02:02	Jamie Strandboge	mediawiki (Ubuntu): status	In Progress	Confirmed
2011-01-11 21:03:15	Jamie Strandboge	mediawiki (Ubuntu): importance	Undecided	Medium
2011-01-11 21:05:05	Jamie Strandboge	nominated for series		Ubuntu Karmic
2011-01-11 21:05:05	Jamie Strandboge	bug task added		mediawiki (Ubuntu Karmic)
2011-01-11 21:05:05	Jamie Strandboge	nominated for series		Ubuntu Lucid
2011-01-11 21:05:05	Jamie Strandboge	bug task added		mediawiki (Ubuntu Lucid)
2011-01-11 21:05:05	Jamie Strandboge	nominated for series		Ubuntu Natty
2011-01-11 21:05:05	Jamie Strandboge	bug task added		mediawiki (Ubuntu Natty)
2011-01-11 21:05:05	Jamie Strandboge	nominated for series		Ubuntu Maverick
2011-01-11 21:05:05	Jamie Strandboge	bug task added		mediawiki (Ubuntu Maverick)
2011-01-11 21:05:58	Jamie Strandboge	nominated for series		Ubuntu Hardy
2011-01-11 21:05:58	Jamie Strandboge	bug task added		mediawiki (Ubuntu Hardy)
2011-01-11 21:06:33	Jamie Strandboge	mediawiki (Ubuntu Natty): status	Confirmed	Fix Released
2011-01-11 21:07:11	Jamie Strandboge	mediawiki (Ubuntu Lucid): status	New	Confirmed
2011-01-11 21:07:15	Jamie Strandboge	mediawiki (Ubuntu Lucid): importance	Undecided	Medium
2011-01-11 21:07:22	Jamie Strandboge	mediawiki (Ubuntu Maverick): status	New	Confirmed
2011-01-11 21:07:28	Jamie Strandboge	mediawiki (Ubuntu Maverick): importance	Undecided	Medium
2011-01-11 21:07:33	Jamie Strandboge	mediawiki (Ubuntu Karmic): status	New	Confirmed
2011-01-11 21:07:38	Jamie Strandboge	mediawiki (Ubuntu Karmic): importance	Undecided	Medium
2011-10-14 19:03:45	Jamie Strandboge	mediawiki (Ubuntu Karmic): status	Confirmed	Won't Fix
2011-10-14 19:04:02	Jamie Strandboge	mediawiki (Ubuntu Hardy): status	New	Won't Fix
2011-10-14 19:06:13	Jamie Strandboge	mediawiki: status	Unknown	Incomplete
2011-10-14 19:06:14	Jamie Strandboge	mediawiki (Ubuntu): status	Fix Released	Incomplete
2011-10-14 19:06:17	Jamie Strandboge	mediawiki (Ubuntu Lucid): status	Confirmed	Incomplete
2011-10-14 19:06:18	Jamie Strandboge	mediawiki (Ubuntu Maverick): status	Confirmed	Incomplete
2011-10-14 19:06:20	Jamie Strandboge	mediawiki (Ubuntu Natty): status	Fix Released	Incomplete
2011-10-14 19:06:21	Jamie Strandboge	mediawiki (Ubuntu Hardy): status	Won't Fix	Incomplete
2011-10-14 19:06:23	Jamie Strandboge	mediawiki (Ubuntu Karmic): status	Won't Fix	Incomplete
2011-10-14 19:07:22	Jamie Strandboge	mediawiki (Fedora): status	Unknown	Incomplete
2011-10-14 19:12:09	Jamie Strandboge	mediawiki: importance	Unknown	Undecided
2011-10-14 19:12:09	Jamie Strandboge	mediawiki: status	Incomplete	New
2011-10-14 19:12:09	Jamie Strandboge	mediawiki: remote watch	MediaWiki bug tracker #26561
2011-10-14 19:12:27	Jamie Strandboge	mediawiki: importance	Undecided	Unknown
2011-10-14 19:12:27	Jamie Strandboge	mediawiki: status	New	Unknown
2011-10-14 19:12:27	Jamie Strandboge	mediawiki: remote watch		MediaWiki bug tracker #26561
2011-10-14 19:12:48	Jamie Strandboge	mediawiki (Ubuntu Lucid): status	Incomplete	Fix Released
2011-10-14 19:13:01	Jamie Strandboge	mediawiki (Ubuntu Natty): status	Incomplete	Fix Released
2011-10-14 19:13:19	Jamie Strandboge	mediawiki (Ubuntu Lucid): status	Fix Released	Incomplete
2011-10-14 19:13:25	Jamie Strandboge	mediawiki (Ubuntu Karmic): status	Incomplete	Won't Fix
2011-10-14 19:13:28	Jamie Strandboge	mediawiki (Ubuntu Hardy): status	Incomplete	Won't Fix
2011-10-14 19:13:31	Jamie Strandboge	mediawiki (Ubuntu): status	Incomplete	Fix Released
2012-04-13 08:49:39	Bug Watch Updater	mediawiki: status	Unknown	Fix Released
2012-04-13 08:49:39	Bug Watch Updater	mediawiki: importance	Unknown	High
2012-04-23 22:19:57	Jamie Strandboge	mediawiki (Ubuntu): status	Fix Released	Invalid
2012-04-23 22:20:00	Jamie Strandboge	mediawiki (Ubuntu Lucid): status	Incomplete	Invalid
2012-04-23 22:20:03	Jamie Strandboge	mediawiki (Ubuntu Maverick): status	Incomplete	Invalid
2012-04-23 22:20:06	Jamie Strandboge	mediawiki (Ubuntu Natty): status	Fix Released	Invalid
2012-04-23 22:20:08	Jamie Strandboge	mediawiki (Ubuntu Hardy): status	Won't Fix	Invalid
2012-04-23 22:20:11	Jamie Strandboge	mediawiki (Ubuntu Karmic): status	Won't Fix	Invalid
2012-04-23 22:21:12	Jamie Strandboge	mediawiki (Fedora): status	Incomplete	Invalid
2017-10-27 16:28:12	Bug Watch Updater	mediawiki (Fedora): status	Invalid	Fix Released
2017-10-27 16:28:12	Bug Watch Updater	mediawiki (Fedora): importance	Unknown	Medium