[Pkg-mediawiki-devel] Bug#799096: mediawiki: CVE-2015-6727 CVE-2015-6728 CVE-2015-6729 CVE-2015-6730
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 15 20:10:48 UTC 2015
Source: mediawiki
Version: 1:1.19.5-1
Severity: important
Tags: security upstream
Hi,
the following vulnerabilities were published for mediawiki.
CVE-2015-6727[0]:
| The Special:DeletedContributions page in MediaWiki before 1.23.10,
| 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers
| to determine if an IP is autoblocked via the "Change block" text.
CVE-2015-6728[1]:
| The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10,
| 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token
| comparison in constant time, which allows remote attackers to guess
| the watchlist token and bypass CSRF protection via a timing attack.
CVE-2015-6729[2]:
| Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki
| before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows
| remote attackers to inject arbitrary web script or HTML via the rel404
| parameter, which is not properly handled in an error page.
CVE-2015-6730[3]:
| Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki
| before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows
| remote attackers to inject arbitrary web script or HTML via the f
| parameter, which is not properly handled in an error page, related to
| "ForeignAPI images."
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-6727
[1] https://security-tracker.debian.org/tracker/CVE-2015-6728
[2] https://security-tracker.debian.org/tracker/CVE-2015-6729
[3] https://security-tracker.debian.org/tracker/CVE-2015-6730
Regards,
Salvatore
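The CVE-2015-6728 entry above says the watchlist token check in ApiBase::getWatchlistUser did not run in constant time. The following is an added example, not MediaWiki's code and not the upstream fix: it models an early-exit string comparison next to a constant-time one and shows how an attacker recovers the secret byte by byte. Instead of measuring noisy wall-clock time, the comparators return the number of bytes they inspected, which stands in for elapsed time. The token value, the hex alphabet and the function names are constructed for the example.

```python
"""Timing side channel in token comparison (added example, not MediaWiki code).

An early-exit comparison stops at the first differing byte, so how long it
runs depends on how many leading bytes of the guess are correct.  Here the
"time" is modelled as the count of bytes inspected, so the effect is
deterministic and the attack can be shown offline.
"""
import hmac

# Constructed secret, standing in for a per-user watchlist token.
TOKEN = "a3f9c1e07b52d486"
ALPHABET = "0123456789abcdef"


def leaky_equals(expected: str, supplied: str) -> tuple[bool, int]:
    """Byte-by-byte comparison that returns on the first mismatch.

    Returns (is_equal, bytes_inspected).  The second value models the
    time an attacker would measure: it grows with the matching prefix.
    """
    if len(expected) != len(supplied):
        return False, 0
    inspected = 0
    for a, b in zip(expected, supplied):
        inspected += 1
        if a != b:
            return False, inspected
    return True, inspected


def constant_time_equals(expected: str, supplied: str) -> tuple[bool, int]:
    """Inspects every byte regardless of where the first difference is.

    Only the final result depends on the data, not the amount of work.
    """
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= ord(a) ^ ord(b)
    return diff == 0, len(expected)


def library_equals(expected: str, supplied: str) -> bool:
    """What production code should call: the standard library's
    constant-time comparison (hmac.compare_digest here; PHP has
    hash_equals).  Never hand-roll this in real code."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


def recover_token(oracle, length: int) -> str:
    """Attacker side.  `oracle(guess)` returns (accepted, measured_cost).

    For each position, try every symbol and keep the one whose measured
    cost is largest: the comparison got one byte further, so that byte
    was right.  Against a constant-time oracle every guess costs the
    same and the attack learns nothing.
    """
    known = ""
    for pos in range(length):
        best_symbol, best_cost = ALPHABET[0], -1
        for sym in ALPHABET:
            guess = known + sym + "0" * (length - pos - 1)
            accepted, cost = oracle(guess)
            if accepted:
                return guess
            if cost > best_cost:
                best_symbol, best_cost = sym, cost
        known += best_symbol
    return known


def attack_leaky() -> str:
    return recover_token(lambda g: leaky_equals(TOKEN, g), len(TOKEN))


def attack_constant_time() -> str:
    return recover_token(lambda g: constant_time_equals(TOKEN, g), len(TOKEN))


if __name__ == "__main__":
    print("leaky comparison, recovered:   ", attack_leaky())
    print("constant-time, recovered:      ", attack_constant_time())
    print("library check of real token:   ", library_equals(TOKEN, TOKEN))
```

With the early-exit comparator the attacker needs at most 16 guesses per byte, about 256 requests for a 16-character token, instead of 16^16; with the constant-time comparator every guess costs the same, the per-position search degenerates to "first symbol tried", and the recovered string is wrong. In a real network setting the cost signal is a few nanoseconds buried in jitter, so it takes many repeated measurements per guess, but the structure of the attack is exactly this.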
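CVE-2015-6729 and CVE-2015-6730 describe the same pattern in thumb.php: a request parameter (rel404, f) echoed into an error page without escaping. The following is an added example, not thumb.php and not the upstream fix: a constructed error-page renderer in the vulnerable form next to an escaped form, plus the probe a tester would use to tell them apart. The page text, parameter names and canary string are constructed; only the parameter names come from the CVE entries.

```python
"""Reflected XSS in an error page (added example, not MediaWiki code).

`error_page_unsafe` interpolates request parameters straight into HTML,
the pattern the two thumb.php CVEs describe.  `error_page_safe` escapes
them.  `reflects_unescaped` is the black-box check: send a canary with
HTML metacharacters and see whether it comes back verbatim.
"""
import html
from urllib.parse import parse_qs


def params_from_query(query: str) -> dict:
    """Flatten a query string into {name: first_value}."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def error_page_unsafe(params: dict) -> str:
    # Vulnerable form: untrusted values dropped into the markup as-is.
    name = params.get("f", "")
    rel = params.get("rel404", "")
    return (
        "<html><body><h1>Error generating thumbnail</h1>"
        f"<p>File {name} not found (rel404={rel})</p>"
        "</body></html>"
    )


def error_page_safe(params: dict) -> str:
    # Hardened form: every reflected value is HTML-escaped, including
    # quotes, so it cannot close the surrounding element or attribute.
    name = html.escape(params.get("f", ""), quote=True)
    rel = html.escape(params.get("rel404", ""), quote=True)
    return (
        "<html><body><h1>Error generating thumbnail</h1>"
        f"<p>File {name} not found (rel404={rel})</p>"
        "</body></html>"
    )


# Canary: unlikely to occur naturally, contains every metacharacter that
# matters for breaking out of text, attributes and tags.
CANARY = "zq7<\"'>zq7"


def reflects_unescaped(render, param: str) -> bool:
    """Probe one parameter of a renderer: True means the raw canary came
    back, i.e. the page is injectable through that parameter."""
    page = render({param: CANARY})
    return CANARY in page


def reflects_escaped(render, param: str) -> bool:
    """Sanity check for the safe version: the value is still shown, but
    in its escaped form."""
    page = render({param: CANARY})
    return html.escape(CANARY, quote=True) in page and CANARY not in page


def audit(render) -> dict:
    """Run the probe over both parameters named in the CVE entries."""
    return {p: reflects_unescaped(render, p) for p in ("rel404", "f")}


if __name__ == "__main__":
    q = "f=Example.png&rel404=" + html.escape("<script>alert(1)</script>")
    print(error_page_unsafe(params_from_query(q)))
    print("unsafe:", audit(error_page_unsafe))
    print("safe:  ", audit(error_page_safe))
```

The probe works the same way against a live instance: request the error path with the canary in each parameter and grep the response body for the raw canary. A response containing the escaped form only is the expected result for a patched build.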