Comment 3 for bug 1370227

Sorry, me misreading the mediawiki bug tracker. This is not CVE-2014-2665 , but the fix for that cve broke the password recovery function is intended to protect:
http://www.mediawiki.org/wiki/Thread:Project:Support_desk/Session_Hijacking_error_after_Update_1.19.14

But still, the mediawiki package is unpatched for CVE-2014-3966 , CVE-2014-5243 and CVE-2014-5241 , all of which is fixed in the utopic package.