registry team mailing list archive

Thread
Date

[Bug 610819] Re: XSS vulnerability in profileinfo.php

To: registry@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <610819@xxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Jul 2010 12:10:29 -0000
Reply-to: Bug 610819 <610819@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package mediawiki - 1:1.15.5-1

---------------
mediawiki (1:1.15.5-1) unstable; urgency=high

  [ Thorsten Glaser ]
  * debian/patches/suppress_warnings.patch: new, suppress warnings
    about session_start() being called twice also in the PHP error
    log, not just MediaWiki’s, for example run from FusionForge

  [ Jonathan Wiltshire ]
  * New upstream security release:
    - correctly set caching headers to prevent private data leakage
         (closes: #590660, LP: #610782)
    - fix XSS vulnerability in profileinfo.php
         (closes: #590669, LP: #610819)
 -- Jonathan Wiltshire <debian@xxxxxxxxxxxxxxxxx>   Wed, 28 Jul 2010 12:23:04 +0100

** Changed in: mediawiki (Ubuntu)
       Status: New => Fix Released

-- 
XSS vulnerability in profileinfo.php
https://bugs.launchpad.net/bugs/610819
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.