Security Information / 2022 / Security Information -- DSA-5246-1 mediawiki

Debian Security Advisory

DSA-5246-1 mediawiki -- security update

Date Reported:

04 Oct 2022

Affected Packages:

mediawiki

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2021-44854, CVE-2021-44855, CVE-2021-44856, CVE-2022-28201, CVE-2022-28202, CVE-2022-28203, CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091, CVE-2022-34911, CVE-2022-34912, CVE-2022-41765, CVE-2022-41767.

More information:

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service.

For the stable distribution (bullseye), these problems have been fixed in version 1:1.35.8-1~deb11u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki