summaryrefslogtreecommitdiff
path: root/sysutils/bacula
diff options
context:
space:
mode:
authormartti <martti@pkgsrc.org>2010-05-28 08:11:32 +0000
committermartti <martti@pkgsrc.org>2010-05-28 08:11:32 +0000
commitca83c5242f20912625ae49239708bc1d06ddcb0a (patch)
treea0e6fb17dc2c7c66c749ed0625aaca915f1319da /sysutils/bacula
parent695f8609dc4ff521115b80e8db92f0f62bd72ea7 (diff)
downloadpkgsrc-ca83c5242f20912625ae49239708bc1d06ddcb0a.tar.gz
Updated www/mediawiki to 1.15.4
This is a security and bugfix release of MediaWiki 1.15.4. Two security vulnerabilities were discovered. Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It affects Internet Explorer clients only. The issue is presumed to affect all recent versions of IE, it has been confirmed on IE 6 and 8. Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. Full details can be found at: https://bugzilla.wikimedia.org/show_bug.cgi?id=23687 A CSRF vulnerability was discovered in our login interface. Although regular logins are protected as of 1.15.3, it was discovered that the account creation and password reset features were not protected from CSRF. This could lead to unauthorised access to private wikis. See https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details. These vulnerabilities are serious and all users are advised to upgrade. Remember that CSRF and XSS vulnerabilities can be used even against firewall-protected intranet installations, as long as the attacker can guess the URL.
Diffstat (limited to 'sysutils/bacula')
0 files changed, 0 insertions, 0 deletions