UbuntuUpdates.org

Package "mediawiki"

Name: mediawiki

Description:

website engine for collaborative work
Latest version: 1:1.15.5-7
Release: precise (12.04)
Level: base
Repository: universe
Homepage: http://www.mediawiki.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "mediawiki"

All arch deb package
APT INSTALL

Other versions of "mediawiki" in Precise

No other version of this package is available in the Precise release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: *DELETED* 2012-03-06 10:43:48 UTC
No changelog for deleted or moved packages.

Version: 1:1.15.5-7 2012-01-24 13:05:51 UTC

mediawiki (1:1.15.5-7) unstable; urgency=high

  * debian/patches/CVE-2011-4360.patch: remove – the information
    disclosure does not happen on 1.15 and the patch would not
    work anyway because the OutputPage object has no setTitle
    method (this prevents a PHP fatal error when someone has no
    permissions, instead reverting to the pre-1:1.15.5-4 behaviour
    of showing a page asking the user to log in)

 -- Thorsten Glaser Fri, 20 Jan 2012 17:13:28 +0100
Source diff to previous version
CVE-2011-4360 page titles on private wikis

Version: 1:1.15.5-5 2011-12-26 20:03:47 UTC

mediawiki (1:1.15.5-5) unstable; urgency=high

  * Security fixes from upstream:
    CVE-2011-1578 - XSS for IE <= 6
    CVE-2011-1579 - CSS validation error in wikitext parser
    CVE-2011-1580 - access control checks on transwiki import feature
    CVE-2011-1587 - fix incomplete patch for CVE-2011-1578

 -- Jonathan Wiltshire Sun, 18 Dec 2011 23:48:18 +0000
Source diff to previous version
CVE-2011-1578 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject ar
CVE-2011-1579 The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (C
CVE-2011-1580 The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform i
CVE-2011-1587 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject ar

Version: 1:1.15.5-4 2011-12-18 16:42:22 UTC

mediawiki (1:1.15.5-4) unstable; urgency=low

  [ Thorsten Glaser ]
  * debian/patches/fix_invalid_sql.patch: new (Closes: #615983)

  [ Jonathan Wiltshire ]
  * Security fixes from upstream (Closes: #650434):
    CVE-2011-4360 - page titles on private wikis could be exposed
    bypassing different page ids to index.php
    CVE-2011-4361 - action=ajax requests were dispatched to the
    relevant function without any read permission checks being done

 -- Jonathan Wiltshire Wed, 30 Nov 2011 22:42:52 +0000
615983 Fwd: [evolvis-Bug Reports][#1377] internal error effected by moving a page in a mediawiki - Debian Bug report logs
650434 mediawiki: two security issues (fixed in 1.17.1) - Debian Bug report logs
CVE-2011-4360 page titles on private wikis
CVE-2011-4361 lack of read permission checks

Version: *DELETED* 2011-12-18 14:32:55 UTC
No changelog for deleted or moved packages.


About   -   Send Feedback to @ubuntu_updates