[Secure-testing-team] mediawiki: NMU to fix CVE-2008-5249, CVE-2008-5250, CVE-2008-5252

Giuseppe Iuculano giuseppe at iuculano.it
Sun Jan 18 11:17:01 UTC 2009 

Hi,

the attacked debdiff is for a proposed NMU to fix CVE-2008-5249, CVE-2008-5250,
CVE-2008-5252 in lenny. (Backported from mediawiki 1.12.3)

mediawiki (1:1.12.0-2lenny2) testing-security; urgency=high

  * Security update, NMU to fix fix CVE-2008-5249, CVE-2008-5250, CVE-2008-5252
  * debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch:
    - Fixed output escaping for reporting of non-MediaWiki exceptions.
      Potential XSS if an extension throws one of these with user input.
    - Avoid fatal error in profileinfo.php when not configured.
    - Fixed CSRF vulnerability in Special:Import. Fixed input validation in
      transwiki import feature.
    - Add a .htaccess to deleted images directory for additional protection
      against exposure of deleted files with known SHA-1 hashes on default
      installations.
    - Fixed XSS vulnerability for Internet Explorer clients, via file uploads
      which are interpreted by IE as HTML.
    - Fixed XSS vulnerability for clients with SVG scripting, on wikis where SVG
      uploads are enabled. Firefox 1.5+ is affected.
    - Avoid streaming uploaded files to the user via index.php. This allows
      security-conscious users to serve uploaded files via a different domain,
      and thus client-side scripts executed from that domain cannot access the
      login cookies. Affects Special:Undelete, img_auth.php and thumb.php.
    - When streaming files via index.php, use the MIME type detected from the
      file extension, not from the data. This reduces the XSS attack surface.
    - Blacklist redirects via Special:Filepath. Such redirects exacerbate any
      XSS vulnerabilities involving uploads of files containing scripts.
  Closes: #508869, #508870

 -- Giuseppe Iuculano <giuseppe at iuculano.it>  Sun, 18 Jan 2009 11:54:02 +0100




Cheers,
Giuseppe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mediawiki_1.12.0-2lenny2.debdiff.gz
Type: application/x-gzip
Size: 15052 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090118/aedb3107/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090118/aedb3107/attachment-0001.pgp

More information about the Secure-testing-team mailing list