[Pkg-mediawiki-devel] Bug#742857: mediawiki: login CSRF in Special:ChangePassword
Henri Salo
henri at nerv.fi
Fri Mar 28 06:58:41 UTC 2014
Package: mediawiki
Version: 1:1.19.13+dfsg-1
Severity: important
Tags: security, fixed-upstream
https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html
Patch: https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php
CVE request: http://www.openwall.com/lists/oss-security/2014/03/28/1
I have not verified this issue and I have not tested this in stable. Please ask
if you need help.
---
Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20140328/87181f12/attachment.sig>
More information about the Pkg-mediawiki-devel
mailing list