Package: mediawiki
Version: 1:1.12.0-2lenny5
Severity: grave
Tags: security upstream
Justification: user security hole

From http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html:

A data leakage vulnerability was discovered, affecting MediaWiki 1.8 and later. Public caching headers were incorrectly set on API responses containing private data. By means of a CSRF-style attack, this can lead to the disclosure of various types of private data stored on a wiki. All users are advised to upgrade.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2                       2.2.16-1  Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd]   2.2.16-1  Apache HTTP Server - traditional n
ii  debconf [debconf-2.0]         1.5.33    Debian configuration management sy
ii  mime-support                  3.48-1    MIME files 'mime.types' & 'mailcap
ii  php5                          5.3.2-2   server-side, HTML-embedded scripti
ii  php5-mysql                    5.3.2-2   MySQL module for php5
ii  php5-pgsql                    5.3.2-2   PostgreSQL module for php5

Versions of packages mediawiki recommends:
ii  mysql-server                  5.1.48-1  MySQL database server (metapackage
ii  mysql-server-5.1 [mysql-serve 5.1.48-1  MySQL database server binaries and
ii  php5-cli                      5.3.2-2   command-line interpreter for the p

Versions of packages mediawiki suggests:
ii  clamav                        0.96.1+dfsg-3  anti-virus utility for Unix - comm
ii  imagemagick                   7:6.6.2.6-1    image manipulation programs
pn  mediawiki-math                <none>         (no description available)
pn  memcached                     <none>         (no description available)
ii  php5-gd                       5.3.2-2        GD module for php5

-- Configuration Files:
/etc/mediawiki/apache.conf changed [not included]

-- debconf information excluded
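
The advisory quoted in this report describes public caching headers on API responses that contain private data. The following is an added example, not code from the report or from MediaWiki: a small audit that flags responses to credential-bearing requests which a shared cache (proxy or CDN) would be allowed to reuse. The function names, the `wiki.example` URLs and the sample exchanges are constructed assumptions, and the caching logic is a simplified reading of the HTTP rules (it ignores `Expires` and `Vary`).

```python
# Added example (not MediaWiki code). Simplified reading of HTTP caching rules.

def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_reuse(resp_headers):
    """True if a proxy or CDN may serve this response again without revalidating."""
    headers = {k.lower(): v for k, v in resp_headers.items()}
    cc = parse_cache_control(headers.get("cache-control"))
    if cc.keys() & {"no-store", "private", "no-cache"}:
        return False
    # For shared caches s-maxage takes precedence over max-age.
    lifetime = cc.get("s-maxage") or cc.get("max-age")
    if lifetime is not None and lifetime.isdigit():
        return int(lifetime) > 0
    return "public" in cc


def audit(exchanges):
    """Return URLs whose request carried credentials but whose response is shared-cacheable."""
    findings = []
    for ex in exchanges:
        req = {k.lower() for k in ex["request_headers"]}
        if req & {"cookie", "authorization"} and shared_cache_may_reuse(ex["response_headers"]):
            findings.append(ex["url"])
    return findings


# Constructed sample exchanges (hypothetical host, query strings and cookie values).
SAMPLE = [
    {"url": "https://wiki.example/api.php?example=private",
     "request_headers": {"Cookie": "session=constructed"},
     "response_headers": {"Cache-Control": "public, s-maxage=3600, max-age=3600"}},
    {"url": "https://wiki.example/api.php?example=private-ok",
     "request_headers": {"Cookie": "session=constructed"},
     "response_headers": {"Cache-Control": "private, must-revalidate, max-age=0"}},
    {"url": "https://wiki.example/api.php?example=anonymous",
     "request_headers": {},
     "response_headers": {"Cache-Control": "public, max-age=300"}},
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("shared-cacheable response to authenticated request:", url)
```

Only the first sample exchange is reported: the second is marked `private`, and the third carries no credentials, so public caching is expected there.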