registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #09592
[Bug 610782] Re: Private data leakage in MW >= 1.8
This bug was fixed in the package mediawiki - 1:1.15.5-1
---------------
mediawiki (1:1.15.5-1) unstable; urgency=high
[ Thorsten Glaser ]
* debian/patches/suppress_warnings.patch: new, suppress warnings
about session_start() being called twice also in the PHP error
log, not just MediaWiki’s, for example run from FusionForge
[ Jonathan Wiltshire ]
* New upstream security release:
- correctly set caching headers to prevent private data leakage
(closes: #590660, LP: #610782)
- fix XSS vulnerability in profileinfo.php
(closes: #590669, LP: #610819)
-- Jonathan Wiltshire <debian@xxxxxxxxxxxxxxxxx> Wed, 28 Jul 2010 12:23:04 +0100
** Changed in: mediawiki (Ubuntu)
Status: New => Fix Released
--
Private data leakage in MW >= 1.8
https://bugs.launchpad.net/bugs/610782
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.