diff -u mediawiki-1.11.2/debian/patches/series mediawiki-1.11.2/debian/patches/series
--- mediawiki-1.11.2/debian/patches/series
+++ mediawiki-1.11.2/debian/patches/series
@@ -11,0 +12 @@
+DataLeakage-CVE-2010-1190.patch
diff -u mediawiki-1.11.2/debian/changelog mediawiki-1.11.2/debian/changelog
--- mediawiki-1.11.2/debian/changelog
+++ mediawiki-1.11.2/debian/changelog
@@ -1,3 +1,15 @@
+mediawiki (1:1.11.2-2ubuntu0.7) hardy-security; urgency=low
+
+ * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis
+ which restrict access to private files using eg. img_auth.php.
+ - CVE-2010-1190
+ - debian/patches/DataLeakage-CVE-2010-1190.patch
+ - patch based on upstream SVN rev. 63436
+ - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
+ - LP: #603740
+
+ -- Andreas Wenning Fri, 09 Jul 2010 22:38:34 +0200
+
 mediawiki (1:1.11.2-2ubuntu0.6) hardy-security; urgency=low
 
 * SECURITY UPDATE: A CSRF vulnerability was discovered in our login
only in patch2:
unchanged:
--- mediawiki-1.11.2.orig/debian/patches/DataLeakage-CVE-2010-1190.patch
+++ mediawiki-1.11.2/debian/patches/DataLeakage-CVE-2010-1190.patch
@@ -0,0 +1,49 @@
+Subject: Fix data leakage from thumb.php for wikis where access to images is
+restricted (e.g. using img_auth.php).
+Origin: http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=63436
+Index: b/thumb.php
+===================================================================
+--- a/thumb.php 2010-07-09 23:50:00.633587262 +0200
++++ b/thumb.php 2010-07-09 23:53:54.882506465 +0200
+@@ -14,6 +14,8 @@
+
+ require_once( "$IP/includes/StreamFile.php" );
+
++$headers = array();
++
+ // Get input parameters
+ if ( get_magic_quotes_gpc() ) {
+ $params = array_map( 'stripslashes', $_REQUEST );
+@@ -40,11 +42,22 @@
+ // Stream the file if it exists already
+ try {
+ $img = wfLocalFile( $fileName );
++ // Check permissions if there are read restrictions
++ if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
++ if ( !$img->getTitle()->userCanRead() ) {
++ thumbInternalError( 'Access denied. You do not have permission to access ' .
++ 'the source file.' );
++ exit;
++ }
++ $headers[] = 'Cache-Control: private';
++ $headers[] = 'Vary: Cookie';
++ }
++
+ if ( $img && false != ( $thumbName = $img->thumbName( $params ) ) ) {
+ $thumbPath = $img->getThumbPath( $thumbName );
+
+ if ( is_file( $thumbPath ) ) {
+- wfStreamFile( $thumbPath );
++ wfStreamFile( $thumbPath, $headers );
+ wfLogProfilingData();
+ exit;
+ }
+@@ -82,7 +95,7 @@
+ $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
+ 'is the requested width bigger than the source?' );
+ } else {
+- wfStreamFile( $thumb->getPath() );
++ wfStreamFile( $thumb->getPath(), $headers );
+ }
+ if ( $errorMsg !== false ) {
+ thumbInternalError( $errorMsg );
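Review bot: In the second thumb.php hunk the new permission block calls `$img->getTitle()` before the existing `$img &&` test on the following `if`, so on a wiki with read restrictions a request whose file name does not resolve would likely fail with a method call on a non-object (which the surrounding `try` presumably cannot catch) rather than reach the normal error path. Since the later check implies wfLocalFile() can return a falsy value, reject that case first, e.g. `if ( !$img ) { thumbInternalError( 'Invalid file name.' ); exit; }` ahead of the `in_array( 'read', ... )` test. The patch changes only thumb.php, so it is also worth confirming that wfStreamFile() in this 1.11.2 tree accepts the second `$headers` argument; PHP silently ignores extra arguments, and without `Cache-Control: private` and `Vary: Cookie` a shared cache could serve a restricted thumbnail to other clients. The `try` block opens inside the hunk and continues beyond it.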