[evolvis-commits] r18295: prepared new upstream release

mirabilos at evolvis.org mirabilos at evolvis.org
Wed Apr 11 11:16:15 CEST 2012


Author: mirabilos
Date: 2012-04-11 11:16:15 +0200 (Wed, 11 Apr 2012)
New Revision: 18295

Modified:
   trunk/mediawiki/debian/changelog
Log:
prepared new upstream release

Modified: trunk/mediawiki/debian/changelog
===================================================================
--- trunk/mediawiki/debian/changelog	2012-04-11 09:16:14 UTC (rev 18294)
+++ trunk/mediawiki/debian/changelog	2012-04-11 09:16:15 UTC (rev 18295)
@@ -1,3 +1,16 @@
+mediawiki (1:1.15.3-1) unstable; urgency=high
+
+  * New upstream release.
+  * Fixes security issue:
+  "MediaWiki was found to be vulnerable to login CSRF. An attacker who
+   controls a user account on the target wiki can force the victim to log
+   in as the attacker, via a script on an external website. If the wiki is
+   configured to allow user scripts, say with "$wgAllowUserJs = true" in
+   LocalSettings.php, then the attacker can proceed to mount a
+  phishing-style attack against the victim to obtain their password."
+
+ -- Romain Beauxis <toots at rastageeks.org>  Fri, 16 Apr 2010 14:44:09 -0500
+
 mediawiki (1:1.15.2-1) unstable; urgency=high
 
   * New upstream release.



More information about the evolvis-commits mailing list