CVE-2008-5687

Publication date 19 December 2008

Last updated 24 July 2024


Ubuntu priority

MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

Read the notes from the security team

Status

Package Ubuntu Release Status
mediawiki 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Fixed 1:1.12.0-2ubuntu0.2
8.04 LTS hardy
Fixed 1:1.11.2-2ubuntu0.2
7.10 gutsy Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

from debian: the CVE id description is wrong, this is fixed in 1.13.3