* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/patches/CSRF-no-CVE_rev-64680.patch
- patch based on upstream SVN rev. 64680
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
- https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
- CVE-2010-1150
-- Andreas Wenning <email address hidden> Wed, 07 Apr 2010 11:56:59 +0200
This bug was fixed in the package mediawiki - 1:1.13.3-1ubuntu2.2
--------------- 3-1ubuntu2. 2) jaunty-security; urgency=low
mediawiki (1:1.13.
* SECURITY UPDATE: MediaWiki was found to be vulnerable to login CSRF. An patches/ CSRF-no- CVE_rev- 64680.patch lists.wikimedia .org/pipermail/ mediawiki- announce/ 2010-April/ 000090. html /bugzilla. wikimedia. org/show_ bug.cgi? id=23076
attacker who controls a user account on the target wiki can force the
victim to login as the attacker, via a script on an external website.
IMPORTANT: Fix includes a breaking change to the API login action. Any
clients using it will need to be updated. (LP: #557159)
- debian/
- patch based on upstream SVN rev. 64680
- http://
- https:/
- CVE-2010-1150
-- Andreas Wenning <email address hidden> Wed, 07 Apr 2010 11:56:59 +0200