Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5246-1] mediawiki security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5246-1] mediawiki security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5246-1] mediawiki security update
  • Date: Tue, 4 Oct 2022 18:53:33 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/YzyBLSobHAP1L0I6 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=1N2WqFCUbzXL1ni1DzDtjk6N9wk4qkZw2ieFTAgYp5o=; b=MA Vhb2RkiLJQ6po8MR5m+b788WsTexX2TR43N37q+xbRvV867povUa6rGU5UAq3GP5hDovS/JvDpYhc ntBrTzP/3FgUDT6SboSq3FBtn8SJP37tPvLsAjiSdZy2Wb2mA2lwLdlXLbOEHMILftfqDNKCUTe1E Oz3Ejr4DW4j/yQki1AWnfcHCViTo5w3HEYCTtSSG3Q52wWKufZHvWDmXw0Dy0UbL9jwko3iLJ/ZIi BVlQDJ/Smrz529bpsfh0YxR6WPxqPMmUd71lq7xPhTOLYwhy99xMu4WOuOD+To+RRDXbY0XRu0ixb ZzaYGopDfIfDFDOvkFD5awKSPGCDt53Q==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 4 Oct 2022 18:53:59 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <Xzx0ECr_RVM.A.eNF.HFIPjB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5246-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2021-44854 CVE-2021-44855 CVE-2021-44856 CVE-2022-28201
CVE-2022-28202 CVE-2022-28203 CVE-2022-29248 CVE-2022-31042
CVE-2022-31043 CVE-2022-31090 CVE-2022-31091 CVE-2022-34911
CVE-2022-34912 CVE-2022-41765 CVE-2022-41767

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in restriction bypass,
information leaks, cross-site scripting or denial of service.

For the stable distribution (bullseye), these problems have been fixed in
version 1:1.35.8-1~deb11u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmM8gAYACgkQEMKTtsN8
TjZF9Q//Q4aOymd80Qw9dwB9MwCCVE26XSQrIJoANebX+AA4LMcXNpSj1GydUtnk
zmbbZFD/JJHAphGCXswMeAlXzb4H6nH8YBehkxGMOFTLHESwSuKHHfkxWiIt+Btc
HDJI2YwYYJQZT/DWTY1/VJP1A4yBgh+dOhx9GsuHLKNY8YjO0lwtFzHa2IELKF8v
rgqg/VuQb/mzumEbI6SQXW7fUE3C/Afg9V9Y7v/f5ELXUkhGgaFDTEjpiB3ZN7GY
jEwGboRIRATrjz51uu+pGP65ktpOtVb0azfblPaov8elCSjDtwL5BP5xCDk9s1YS
iPoDyMnHTQDVx7C3hLPHMAGSWiMyqtTSZUXuBarCxvlvoldhvwxjrYtFDL6SsTQc
rFHz1wdbka6HXFhVQ8gfAnI3mpMtnI5hikWWSX7bca1L+zKZcFHk1UXRLzm/4FdA
HjkiyKjUyF8bKnIbonnskcLz6gELAcDU74GvDQLIBZlXSbOv9Sl670TJXa0M0JAs
h7tYtiApHSePQ/0vC/dGT+bVkWWdthOdmMyBFlU7Qx9DG++UqWKkPJjF+4saZbdW
e6yCFXY6l7+2fbAbV+lu2n193Ti2zcO8H5+7fu5TdA/GPsJH8S8C4jsLqIBS1xjq
EzwZJuNHnfbHYx7HkudGEnixsFwB8uV0Sg46XDfZwVWmc9mjWhY=
=8xpB
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5246-1] mediawiki security update, Moritz Muehlenhoff, 04.10.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang