Candidate: CVE-2008-5687
PublicDate: 2008-12-19 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5687
 http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
Description:
 MediaWiki 1.11, and other versions before 1.13.3, does not properly protect
 against the download of backups of deleted images, which might allow remote
 attackers to obtain sensitive information via requests for files in
 images/deleted/.
Ubuntu-Description:
Notes:
 mdeslaur> from debian: the CVE id description is wrong, this is fixed in 1.13.3
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mediawiki:
upstream_mediawiki: released (1.13.3-1)
dapper_mediawiki: ignored (reached end-of-life)
gutsy_mediawiki: needs-triage (reached end-of-life)
hardy_mediawiki: released (1:1.11.2-2ubuntu0.2)
intrepid_mediawiki: released (1:1.12.0-2ubuntu0.2)
jaunty_mediawiki: not-affected (1.13.3-1)
karmic_mediawiki: not-affected (1.13.3-1)
devel_mediawiki: not-affected (1.13.3-1)