Debian Security Advisory
DSA-3011-1 mediawiki -- security update
- Date Reported:
- 23 Aug 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 752622, Bug 758510.
In Mitre's CVE dictionary: CVE-2014-5241, CVE-2014-5243.
- More information:
It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
For the stable distribution (wheezy), these problems have been fixed in version 1:1.19.18+dfsg-0+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your mediawiki packages.