Committer: Bazaar Package Importer
Author(s): Andreas Wenning
Date: 2009-02-01 08:53:13 UTC
Revision ID: james.westby@ubuntu.com-20090201085313-7p0thizuv91oahlr
Tags: 1:1.12.0-2ubuntu0.2

* SECURITY UPDATE:
  - CVE-2008-5249
  - CVE-2008-5250
  - CVE-2008-5252
  - other security-related problems (see full patch description).
  - patch taken directly from Debian
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508870
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508869
  - http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
* debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch:
  - Fixed output escaping for reporting of non-MediaWiki exceptions.
    Potential XSS if an extension throws one of these with user input.
  - Avoid fatal error in profileinfo.php when not configured.
  - Fixed CSRF vulnerability in Special:Import. Fixed input validation in
    transwiki import feature.
  - Add a .htaccess to deleted images directory for additional protection
    against exposure of deleted files with known SHA-1 hashes on default
    installations.
  - Fixed XSS vulnerability for Internet Explorer clients, via file uploads
    which are interpreted by IE as HTML.
  - Fixed XSS vulnerability for clients with SVG scripting, on wikis where SVG
    uploads are enabled. Firefox 1.5+ is affected.
  - Avoid streaming uploaded files to the user via index.php. This allows
    security-conscious users to serve uploaded files via a different domain,
    and thus client-side scripts executed from that domain cannot access the
    login cookies. Affects Special:Undelete, img_auth.php and thumb.php.
  - When streaming files via index.php, use the MIME type detected from the
    file extension, not from the data. This reduces the XSS attack surface.
  - Blacklist redirects via Special:Filepath. Such redirects exacerbate any
    XSS vulnerabilities involving uploads of files containing scripts.
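
The two upload problems named in the changelog (files a content-sniffing browser renders as HTML regardless of extension, and SVG files carrying script) can be screened at upload time. The Python below is an added example, not MediaWiki's or the patch's code; the sniff window, marker list, function names and sample bytes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed values for this example, not taken from the patch.
SNIFF_WINDOW = 1024
HTML_MARKERS = (b"<html", b"<head", b"<body", b"<script", b"<title",
                b"<table", b"<img", b"<a href", b"<pre", b"<iframe")

def looks_like_html(data):
    """True if the leading bytes hold markup a content-sniffing browser may render as HTML."""
    head = data[:SNIFF_WINDOW].lower()
    return any(marker in head for marker in HTML_MARKERS)

def svg_has_script(data):
    """True for SVG with <script>, an on* handler or a javascript: link; unparsable input is rejected."""
    if b"<!entity" in data.lower():   # refuse entity declarations before parsing
        return True
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1].lower() == "script":
            return True
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()   # strip any XML namespace
            if attr.startswith("on"):
                return True
            if attr == "href" and value.strip().lower().startswith("javascript:"):
                return True
    return False

def check_upload(filename, data):
    """Return a list of reasons to refuse the upload (empty list means accepted)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "svg":
        return ["svg-script"] if svg_has_script(data) else []
    return ["html-in-" + (ext or "file")] if looks_like_html(data) else []

# Constructed sample uploads.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PNG_WITH_HTML = PNG_MAGIC + b"<html><body>hi</body></html>"
SVG_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
SVG_ONLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><rect/></svg>'

if __name__ == "__main__":
    for name, blob in [("photo.png", PNG_WITH_HTML), ("a.svg", SVG_CLEAN), ("b.svg", SVG_ONLOAD)]:
        print(name, check_upload(name, blob))
```

A check like this complements, rather than replaces, the changelog's other measure of serving uploads from a separate domain so that any script that does slip through cannot read the wiki's login cookies.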