| Description: | Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified: Insufficient input sanitisation in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it allows attackers to gather IP addresses and other information by linking these images to a web server under their control. Insufficient permission checks have been found in thump.php which can lead to disclosure of image files that are restricted to certain users. For the stable distribution, this problem has been fixed in version 1:1.12.0-2lenny4. For the testing distribution, this problem has been fixed in version 1:1.15.2-1. For the unstable distribution, this problem has been fixed in version 1:1.15.2-1. |