Candidate: CVE-2010-1190
PublicDate: 2010-03-31 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1190
 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
Description:
 thumb.php in MediaWiki before 1.15.2, when used with access-restriction
 mechanisms such as img_auth.php, does not check user permissions before
 providing scaled images, which allows remote attackers to bypass intended
 access restrictions and read private images via unspecified manipulations.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mediawiki:
 upstream: http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=63431
upstream_mediawiki: released (1.15.2)
dapper_mediawiki: ignored (reached end-of-life)
hardy_mediawiki: released (1:1.11.2-2ubuntu0.7)
intrepid_mediawiki: needed (reached end-of-life)
jaunty_mediawiki: released (1:1.13.3-1ubuntu2.4)
karmic_mediawiki: released (1:1.15.0-1.1ubuntu0.4)
lucid_mediawiki: released (1:1.15.1-1ubuntu1)
devel_mediawiki: released (1:1.15.1-1ubuntu1)