Debian Linux Security Advisory 4460-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.
7a55a21890bc3aee34c8780e72fea6d81181006a290af0fbd95c42ec904669de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4460-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 12, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : mediawiki
CVE ID : CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468
CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472
CVE-2019-12473 CVE-2019-12474
Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which may result in authentication
bypass, denial of service, cross-site scripting, information disclosure
and bypass of anti-spam measures.
For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.7-1~deb9u1.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0AKJkACgkQEMKTtsN8
TjZ86w/8DS+RqKpd4/7x4RQMwj0nwO1KVnUaWzC5SWlIopExLQ68ysXiBelcHJJW
iYIldZRbmwUCb0TRMLp6eKw0xrIGlo21e3/ueWEPcRM5hLtVb1yZlxbvkWY8PaAT
95Zabc+XI31JcqqwTQIqc8H5EiRZlup8G+kezyINkhidQwOx3DnfBMpnsQqzpKH8
Kd7ihg0DqMzI2NhStTlL6htYXbNSMjpwX906rE4TkuJ3+ZlzJfFfoFVWFUhTG0nu
/5mUkGVmHONOhQCcrN7u+qxDcvMgnAvlLmfkngVHgCZ46tjHGTRMSpvCFRQEu9md
R5GlP/q7Zkhyg/i72fz0RTYDaN60CzKICX6lpnpZYNEBN1VnxiQ9m8TUvUJVeEcU
F7bB+FtQhYDC3uv5A6GgkqZwSat9FXa/HYlpySz+nSmNP+ewxwQ92d56XzZB/G0q
DgYny0FoqaX1+Jo9YqW5xUhIq97z7wKXZojUDmWFsDwAkadlyNfT8BGlL51Am3a3
zbA1pofnD2TD+j4jpfCEjAxfFDBU2wV6AMXyW2YUS6Fxi9uhViGOCmpo26GXkrG5
X+wZiAiJsiHlsJ1UUSPogNtmA0Zrot+Dw3oOfV8EGpLX+qrVjjQzFbmuwIClKBzQ
DxvqSkLFuYXVpluu6IoaoEmipP3jDRLT9jFKeAafa7gU8VToCsI=
=nIF6
-----END PGP SIGNATURE-----