[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
This bug was fixed in the package mediawiki - 1:1.15.0-1.1ubuntu0.4 --- mediawiki (1:1.15.0-1.1ubuntu0.4) karmic-security; urgency=low * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis which restrict access to private files using eg. img_auth.php. - CVE-2010-1190 - debian/patches/DataLeakage-CVE-2010-1190.patch - patch from upstream SVN rev. 63436 - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/88.html - LP: #603740 -- Andreas Wenning a...@awen.dk Fri, 09 Jul 2010 22:23:06 +0200 ** Changed in: mediawiki (Ubuntu Karmic) Status: Fix Committed = Fix Released ** Changed in: mediawiki (Ubuntu Jaunty) Status: Fix Committed = Fix Released -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
This bug was fixed in the package mediawiki - 1:1.13.3-1ubuntu2.4 --- mediawiki (1:1.13.3-1ubuntu2.4) jaunty-security; urgency=low * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis which restrict access to private files using eg. img_auth.php. - CVE-2010-1190 - debian/patches/DataLeakage-CVE-2010-1190.patch - patch from upstream SVN rev. 63436 - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/88.html - LP: #603740 -- Andreas Wenning a...@awen.dk Fri, 09 Jul 2010 22:26:21 +0200 ** Changed in: mediawiki (Ubuntu Hardy) Status: Fix Committed = Fix Released -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
This bug was fixed in the package mediawiki - 1:1.11.2-2ubuntu0.7 --- mediawiki (1:1.11.2-2ubuntu0.7) hardy-security; urgency=low * SECURITY UPDATE: Data leakage vulnerability in thumb.php affecting wikis which restrict access to private files using eg. img_auth.php. - CVE-2010-1190 - debian/patches/DataLeakage-CVE-2010-1190.patch - patch based on upstream SVN rev. 63436 - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/88.html - LP: #603740 -- Andreas Wenning a...@awen.dk Fri, 09 Jul 2010 22:38:34 +0200 -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
Thanks for the debdiffs Andreas. ACK to all three. Packages are building now and will be released soon. ** Changed in: mediawiki (Ubuntu Hardy) Status: Confirmed = Fix Committed ** Changed in: mediawiki (Ubuntu Karmic) Status: Confirmed = Fix Committed ** Changed in: mediawiki (Ubuntu Jaunty) Status: Confirmed = Fix Committed -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1190 ** Visibility changed to: Public ** Also affects: mediawiki (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: mediawiki (Ubuntu Jaunty) Importance: Undecided Status: New ** Also affects: mediawiki (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: mediawiki (Ubuntu) Status: New = Fix Released -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
As far as Karmic goes, the best thing might be to upload 1:1.15.3 or .4 since these are upstream's stable series anyway and include other security fixes. ** Also affects: mediawiki (Debian) Importance: Undecided Status: New ** Changed in: mediawiki (Debian) Status: New = Fix Released -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
Already prepared debdiffs for hardy, jaunty and karmic fixing this. All has been tested in .chroots to verify the fix. First follows for karmic. ** Patch added: mediawiki_1.15.0-1.1ubuntu0.4.debdiff http://launchpadlibrarian.net/51645793/mediawiki_1.15.0-1.1ubuntu0.4.debdiff -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
For jaunty. -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
** Patch added: mediawiki_1.13.3-1ubuntu2.4.debdiff http://launchpadlibrarian.net/51645811/mediawiki_1.13.3-1ubuntu2.4.debdiff -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 603740] Re: [CVE-2010-1190] Data leakage vulnerability in thumb.php
And lastly for hardy. ** Patch added: mediawiki_1.11.2-2ubuntu0.7.debdiff http://launchpadlibrarian.net/51645821/mediawiki_1.11.2-2ubuntu0.7.debdiff ** Changed in: mediawiki (Ubuntu Karmic) Status: New = Confirmed ** Changed in: mediawiki (Ubuntu Hardy) Status: New = Confirmed ** Changed in: mediawiki (Ubuntu Jaunty) Status: New = Confirmed -- [CVE-2010-1190] Data leakage vulnerability in thumb.php https://bugs.launchpad.net/bugs/603740 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
