Bug 316701 - www-apps/mediawiki-1.15.3 "login CSRF" (CVE-2010-1150)
Summary: www-apps/mediawiki-1.15.3 "login CSRF" (CVE-2010-1150)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://download.wikimedia.org/mediawi...
Whiteboard: B4 [noglsa]
Depends on: CVE-2011-1765
Reported: 2010-04-22 17:34 UTC by Alex Legler (RETIRED)
Modified: 2011-10-08 21:19 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-22 17:34:12 UTC
CVE-2010-1150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1150):
  MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not
  properly handle a correctly authenticated but unintended login
  attempt, which makes it easier for remote authenticated users to
  conduct phishing attacks by arranging for a victim to login to the
  attacker's account and then execute a crafted user script, related to
  a "login CSRF" issue.
Comment 1 Tim Harder gentoo-dev 2010-10-11 01:07:05 UTC
I added mediawiki-1.15.5 to the tree a couple days ago which has fixes for this issue.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-09-27 16:50:10 UTC
A fixed package was stabilized via bug 366685. GLSA Vote: no.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2011-10-08 21:19:21 UTC
no too, and closing.