[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4767-1] mediawiki security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4767-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 25, 2020                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2020-15005 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814
                 CVE-2020-25815 CVE-2020-25827 CVE-2020-25828

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work: SpecialUserRights could leak whether a user
existed or not, multiple code paths lacked HTML sanitisation allowing
for cross-site scripting and TOTP validation applied insufficient rate
limiting against brute force attempts.

For the stable distribution (buster), these problems have been fixed in
version 1:1.31.10-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9uK7EACgkQEMKTtsN8
TjYZIQ//Xmlayc3RkqA0XDHm9VV1y7tSfQpKzbF0nWFF5Yry8K8BLsuSz24t3g02
iJUFce5pIalU1mtMOjqf5qd+ZVqZHUJ1MIouXnUwLONSXVYOs5T2ddh50aN/B7wt
r+hIk7mQS5Wtq1gMwVXgrcmefFQMzMMp/zLxFaIKrkQt9eHvPQKh7yixvSKHf0Li
3VSmHaYJwTDGc8VAuebebU/JsG3wLzJgsInC5nG1KPdaFWW9Mz3XGW15n9X02MYC
t0l10sI6yo/QNwf3W0lZ49BqMitH0SNwK7KpKPGWc4WwrdcCQRMkx2oYIQ6diMb9
8m6/PDUOy+flEPym3P+ZSgj0G20WLXrdPEgqeASsDZeiRJPVeQOMXKu+c76tXCsF
6lLpTS3nrg0L6RpqxkF2hftGhA+WilKtHuIVmjN+JPR3bJeXOgYu5y6LryoYaKNv
ppIbUinTYNdul7EZdUSZwmvwLqLJLcHCHXTEiSCQJ8no6VUjOI1zis3xVp2dP2yW
k5gJkl+b6AGi4A+nR/ySE28YfEK/hG03zEHZ8VnrrjLA/uPYfWJgxkCYmeSMz9v1
eTjQhpe7tJYQzs0myGOm/QoxF+QuOEqrhJTJMSMFswOZhKk3TM1dBtSCIw9gABNB
eC12yeS4Lf2ZlXfo9au2gjb7rJXjGqhugfRfAeohcMe/1s+303Y=
=N41l
-----END PGP SIGNATURE-----


Reply to: