Candidate: CVE-2015-8001
PublicDate: 2015-11-09 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8001
 https://phabricator.wikimedia.org/T91203
Description:
 The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x
 before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data
 to the claimed file size, which allows remote authenticated users to cause
 a denial of service via a chunk that exceeds the file size.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mediawiki:
upstream_mediawiki: released (1:1.25.5-1)
precise_mediawiki: ignored (reached end-of-life)
precise/esm_mediawiki: DNE (precise was needs-triage)
trusty_mediawiki: ignored (reached end-of-life)
trusty/esm_mediawiki: DNE (trusty was needed)
vivid_mediawiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_mediawiki: DNE
vivid/ubuntu-core_mediawiki: DNE
wily_mediawiki: ignored (reached end-of-life)
xenial_mediawiki: DNE
yakkety_mediawiki: ignored (reached end-of-life)
zesty_mediawiki: ignored (reached end-of-life)
artful_mediawiki: ignored (reached end-of-life)
bionic_mediawiki: not-affected (1:1.27.4-3)
cosmic_mediawiki: not-affected (1:1.31.1-3)
disco_mediawiki: not-affected (1:1.31.1-3)
devel_mediawiki: not-affected (1:1.31.1-3)