[SECURITY] [DLA 2847-1] mediawiki security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2847-1] mediawiki security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 15 Dec 2021 20:04:39 +0000
Message-id: <[🔎] 20211215200439.GB4117@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2847-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Moritz Muehlenhoff
December 15, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mediawiki
Version        : 1:1.27.7-1+deb9u11
CVE ID         : CVE-2021-44858

A security issue was discovered in MediaWiki, a website engine for
collaborative work: Missing validation in the mcrundo action may allow
allow an attacker to leak page content from private wikis or to bypass
edit restrictions.

For additional information please refer to
https://www.mediawiki.org/wiki/2021-12_security_release/FAQ

For Debian 9 stretch, this problem has been fixed in version
1:1.27.7-1+deb9u11.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmG6SM4ACgkQEMKTtsN8
TjY+WA/7Bmk+zIS5SDNFiz3WhZe8AVe0zf4e89y4MoGD1mnPfUNjSQrnc6u7v/5y
6JE5Pz+hj0XVyp7SxB3+aVMKv2REt+DlGXVXckhESm2MTHnYcPOnmVBrVnBLQZtj
hAM+tyFwMn0s6mEFblI38c0z4G6p38TIl5bLSBdCVTpOz80mgMekoIt10m51BOEW
FWsOYWGPjzgZIU2/FmMjZpdIOFft7EHxuMZv5lQ7wmFX3JifhjU2hYlShgZNpVwW
cxLYZ/RhXF4ptnlRvQOhk+wcFcmw/W9HfoCHB9Asijn0Fuxl8RPpx7LBSRY3Ao+J
07W2m0LbhVIvnbT83YyB2YNtddY/CkPH0aS574xHEfJ3Q4xjLdNC/LK7S9oKXoYI
wQaWnMEUhMIk6JsWJ4tTFWkGg22T2lbEJCqwdYvQoqiq+LdfUpFa9FN3PLeVl/lC
qTi1nrMI0PuyBGKr5UUWltQpaP14dJrGXgvvqZqvefnSqy9j8f64Uy/iAPRRWjoL
IeD8lLtgYY83X1bakjEK5EL3ACFHK+dxuRtES48fkMXw7QzutyKQwqeo0BxYyL6G
2et34200NU+yMQld+QARWIg9m5fhZFUYWj160LdiN9XA84XuFgJ8WHtvkaRWS7Ri
8HLUZdWR8bYwl7iUk4Z6180+PO9/2HTxerkAHKklvMvCg3WKx6Y=
=GNb2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2845-1] libsamplerate security update
Next by Date: [SECURITY] [DLA 2843-1] linux security update
Previous by thread: [SECURITY] [DLA 2845-1] libsamplerate security update
Next by thread: [SECURITY] [DLA 2843-1] linux security update
Index(es):
- Date
- Thread