it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4651-1] mediawiki security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4651-1] mediawiki security update
Date: Thu, 2 Apr 2020 20:47:11 +0000
List-archive: https://lists.debian.org/msgid-search/20200402204711.f6ehomg7c4zxo5rm AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 2 Apr 2020 20:47:28 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <aa-dJ4tpgrF.A.TpH.g9kheB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4651-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 02, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2020-10960

It was discovered that some user-generated CSS selectors in MediaWiki, a
website engine for collaborative work, were not escaped.

The oldstable distribution (stretch) is not affected.

For the stable distribution (buster), this problem has been fixed in
version 1:1.31.7-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6GTzAACgkQEMKTtsN8
TjZ4KA//d4YE+pbwN/DmJ66nM8eMazlXp8Cbeazu3kfRZ/E/UrmPoloJ7zic2j1a
yl18Bh7xu0sPdsFmqsANguH6dWDJNiFrxRNMcwvBNGJk6UC6RWp4gc+b5Q7kW0vd
VoVSCHjbOLBET8j5jSU25nhZASK35YYBxcVqyDDKzC7s7/lfOUxfGC6W13UhJdxd
6qJvtRFcfUKCzbwJEuxSb961hVmtDX5/mwo5iupDSScl5rdt8/Sz2ZpHIxrSfpcp
6LK+WHydFrCwZ+W4TtaS5ro+hNvk2UDe1/s9aIgbSrc6y92xVV+O+mHZ9vGooCf8
+/fj9TblQz5IeBHPZ51II/8YyTiGZ5GuWJVEgQoMtBkBdx55wWu14eBb+XVW78b+
JkxIUJHCTOYcscfYnZX36DxbFkbH2+5HvYN3D7WGEFWSZq/orpAdtHvW56nUv+Tg
sI844e4Z055uqeB93+KNzmK1xilPc7Trh7DCJwD4fRQFRDft6Oy9Pkok2fdPzOeL
mX1KSdoFxa8WwpyhijrsF9WbVPGuItX0iVzgGFQOwTVyFwE0eKsKvLCjaCrE6rQY
yyDNWRnReeDaRvbuC4asOhTNGhm0VmK+WTIA5090A7d7eT+9amQ+Ki5yM+pqygvq
Nxvfw1ZK2AhRxLYR7mdkNV0/KQwmwWIBYPSYCFoyMepDlGryotY=
=MpI/
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4651-1] mediawiki security update, Moritz Muehlenhoff, 02.04.2020

Archiv bereitgestellt durch MHonArc 2.6.19.