[Pkg-mediawiki-devel] Bug#591382: mediawiki: Stable version missing recent security patches

Jacopo at Bach j.corbetta at sssup.it
Mon Aug 2 16:15:47 UTC 2010

Package: mediawiki
Version: 1:1.12.0-2lenny5
Severity: grave
Tags: security
Justification: user security hole

The mediawiki version in lenny seems to be missing the security patches released with 1.15.4 and 1.15.5

For example, the changes of http://www.mediawiki.org/wiki/Special:Code/MediaWiki/66990 and http://www.mediawiki.org/wiki/Special:Code/MediaWiki/65760 have not been applied. This was also pointed out today on wikitech-l by Max Semenik.

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2-mpm-prefor 2.2.9-10+lenny8       Apache HTTP Server - traditional n
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  mime-support       3.44-1                MIME files 'mime.types' & 'mailcap
ii  php5               5.2.6.dfsg.1-1+lenny8 server-side, HTML-embedded scripti
ii  php5-mysql         5.2.6.dfsg.1-1+lenny8 MySQL module for php5

Versions of packages mediawiki recommends:
ii  mysql-server       5.0.51a-24+lenny4     MySQL database server (metapackage
ii  mysql-server-5.0 [ 5.0.51a-24+lenny4     MySQL database server binaries
ii  php5-cli           5.2.6.dfsg.1-1+lenny8 command-line interpreter for the p

Versions of packages mediawiki suggests:
pn  clamav          <none>                   (no description available)
ii  imagemagick     7: image manipulation programs
pn  mediawiki-math  <none>                   (no description available)
pn  memcached       <none>                   (no description available)
ii  php5-gd         5.2.6.dfsg.1-1+lenny8    GD module for php5

-- debconf information excluded

More information about the Pkg-mediawiki-devel mailing list