← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to active/CVE-2017-0362

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
active/CVE-2017-0362
1
 
Candidate: CVE-2017-0362
2
 
PublicDate: 2018-04-13
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0362
5
 
 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
6
 
Description:
7
 
 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark
8
 
 all pages visited" on the watchlist does not require a CSRF token.
9
 
Ubuntu-Description:
10
 
Notes:
11
 
Bugs:
12
 
 https://phabricator.wikimedia.org/T150044
13
 
Priority: untriaged
14
 
Discovered-by:
15
 
Assigned-to:
16
 
 
17
 
Patches_mediawiki:
18
 
upstream_mediawiki: released (1:1.27.2-1)
19
 
precise_mediawiki: ignored (reached end-of-life)
20
 
precise/esm_mediawiki: DNE (precise was needed)
21
 
trusty_mediawiki: needed
22
 
vivid/stable-phone-overlay_mediawiki: DNE
23
 
vivid/ubuntu-core_mediawiki: DNE
24
 
xenial_mediawiki: DNE
25
 
yakkety_mediawiki: ignored (reached end-of-life)
26
 
zesty_mediawiki: ignored (reached end-of-life)
27
 
artful_mediawiki: needed
28
 
bionic_mediawiki: needed
29
 
devel_mediawiki: needed