CVE-2013-6472

NameCVE-2013-6472
DescriptionMediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2891-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mediawiki (PTS)wheezy (security), wheezy1:1.19.20+dfsg-0+deb7u3fixed
stretch1:1.27.1-1fixed
sid1:1.27.1-2fixed
mediawiki-extensions (PTS)wheezy (security), wheezy3.5~deb7u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mediawikisource(unstable)1:1.19.10+dfsg-1medium
mediawikisourcesqueeze(unfixed)end-of-life
mediawikisourcewheezy1:1.19.14+dfsg-0+deb7u1mediumDSA-2891-1
mediawiki-extensionssourcewheezy3.5~deb7u1mediumDSA-2891-1

Notes

https://bugzilla.wikimedia.org/show_bug.cgi?id=58699

Search for package or bug name: Reporting problems