← Back to team overview

registry team mailing list archive

[Bug 610782] Re: Private data leakage in MW >= 1.8

 

This bug was fixed in the package mediawiki - 1:1.15.5-1

---------------
mediawiki (1:1.15.5-1) unstable; urgency=high

  [ Thorsten Glaser ]
  * debian/patches/suppress_warnings.patch: new, suppress warnings
    about session_start() being called twice also in the PHP error
    log, not just MediaWiki’s, for example run from FusionForge

  [ Jonathan Wiltshire ]
  * New upstream security release:
    - correctly set caching headers to prevent private data leakage
         (closes: #590660, LP: #610782)
    - fix XSS vulnerability in profileinfo.php
         (closes: #590669, LP: #610819)
 -- Jonathan Wiltshire <debian@xxxxxxxxxxxxxxxxx>   Wed, 28 Jul 2010 12:23:04 +0100

** Changed in: mediawiki (Ubuntu)
       Status: New => Fix Released

-- 
Private data leakage in MW >= 1.8
https://bugs.launchpad.net/bugs/610782
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.