diff -u mediawiki-1.13.3/debian/changelog mediawiki-1.13.3/debian/changelog
--- mediawiki-1.13.3/debian/changelog
+++ mediawiki-1.13.3/debian/changelog
@@ -1,3 +1,15 @@
+mediawiki (1:1.13.3-1ubuntu2.4) jaunty-security; urgency=low
+
+ * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
+ which restrict access to private files using eg. img_auth.php.
+ - CVE-2010-1190
+ - debian/patches/DataLeakage-CVE-2010-1190.patch
+ - patch from upstream SVN rev. 63436
+ - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
+ - LP: #603740
+
+ -- Andreas Wenning Fri, 09 Jul 2010 22:26:21 +0200
+
 mediawiki (1:1.13.3-1ubuntu2.3) jaunty-security; urgency=low

 * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
diff -u mediawiki-1.13.3/debian/patches/series mediawiki-1.13.3/debian/patches/series
--- mediawiki-1.13.3/debian/patches/series
+++ mediawiki-1.13.3/debian/patches/series
@@ -9,0 +10 @@
+DataLeakage-CVE-2010-1190.patch
only in patch2:
unchanged:
--- mediawiki-1.13.3.orig/debian/patches/DataLeakage-CVE-2010-1190.patch
+++ mediawiki-1.13.3/debian/patches/DataLeakage-CVE-2010-1190.patch
@@ -0,0 +1,64 @@
+Subject: Fix data leakage from thumb.php for wikis where access to images is
+restricted (e.g. using img_auth.php).
+Origin: http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=63436
+Index: b/thumb.php
+===================================================================
+--- a/thumb.php 2008-06-20 01:22:03.000000000 +0200
++++ b/thumb.php 2010-07-09 22:26:01.462502033 +0200
+@@ -20,6 +20,9 @@
+
+ function wfThumbMain() {
+ wfProfileIn( __METHOD__ );
++
++ $headers = array();
++
+ // Get input parameters
+ if ( get_magic_quotes_gpc() ) {
+ $params = array_map( 'stripslashes', $_REQUEST );
+@@ -44,6 +47,18 @@
+ $fileName = strtr( $fileName, '\\/', '__' );
+
+ $img = wfLocalFile( $fileName );
++
++ // Check permissions if there are read restrictions
++ if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
++ if ( !$img->getTitle()->userCanRead() ) {
++ wfThumbError( 403, 'Access denied. You do not have permission to access ' .
++ 'the source file.' );
++ return;
++ }
++ $headers[] = 'Cache-Control: private';
++ $headers[] = 'Vary: Cookie';
++ }
++
+ if ( !$img ) {
+ wfThumbError( 404, wfMsg( 'badtitletext' ) );
+ return;
+@@ -80,7 +95,7 @@
+ $thumbPath = $img->getThumbPath( $thumbName );
+
+ if ( is_file( $thumbPath ) ) {
+- wfStreamFile( $thumbPath );
++ wfStreamFile( $thumbPath, $headers );
+ return;
+ }
+ }
+@@ -107,7 +122,7 @@
+ $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
+ 'is the requested width bigger than the source?' );
+ } else {
+- wfStreamFile( $thumb->getPath() );
++ wfStreamFile( $thumb->getPath(), $headers );
+ }
+ if ( $errorMsg !== false ) {
+ wfThumbError( 500, $errorMsg );
+@@ -122,6 +137,9 @@
+ header( 'Content-Type: text/html; charset=utf-8' );
+ if ( $status == 404 ) {
+ header( 'HTTP/1.1 404 Not found' );
++ } elseif ( $status == 403 ) {
++ header( 'HTTP/1.1 403 Forbidden' );
++ header( 'Vary: Cookie' );
+ } else {
+ header( 'HTTP/1.1 500 Internal server error' );
+ }
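Review bot: The new permission block in the `@@ -44,6 +47,18 @@` hunk of thumb.php calls `$img->getTitle()` before the existing `if ( !$img )` guard that follows it, so on a wiki with read restrictions a request whose file name does not resolve to a file object would presumably end in a PHP fatal error rather than the intended 404 response. wfLocalFile() is not visible in this patch, but the guard kept directly below implies it can return a falsy value. I would move the existing `if ( !$img ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); return; }` check above the `// Check permissions if there are read restrictions` block and leave the block itself unchanged, so the access check only ever runs on a valid file object. wfThumbMain() begins in the first inner hunk and continues past the visible context, so its other exit paths cannot be checked from here.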