it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5785-1] mediawiki security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5785-1] mediawiki security update
Date: Sat, 5 Oct 2024 17:55:34 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/ZwF9lqOWonZ8KT5o AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=S4scvZJ4VYWqYr3bIvPIrYmbHNzMzUJB8+3CqF8feFU=; b=JU 4Q4XPVGgiEHumMKItp/taTVXP2za2FuJxw3XEZ7SLjPPe5hioQJNrJjNQ4fOhT+X0nvSsKopf0Io/ gf3gkbK91voKT3qmxDWEGz1+875TehZn7erkBUmyKb5yIl+3AY4I+CtKsKZsIQqYrQEiTVVHMTbrP 4fsvVWsRKDuyzCfD/QgqFqhkGcxeInq/7lZbpoyo1hJ4/TaJ1nAkwJFskpkJ4A6u7CxVFXbxf4IvP sis9p2Gfx9UsoMvnsccuvgiNZ7fkHp+m+C+2JHPQ/jsdzjaAcpHCeJDThymsu7H9uu0LNUDCpruD+ cmt67XoQ+pRwFDuWE/Xu0BaYoA+pDPWA==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sat, 5 Oct 2024 17:56:03 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <ns2u5WGGeXE.A.J5WJ.z2XAnB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5785-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 05, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2024-47913

Dom Walden discovered that the AbuseFilter extension in MediaWiki, a
website engine for collaborative work, performed incomplete authorisation
checks.

For the stable distribution (bookworm), this problem has been fixed in
version 1:1.39.10-1~deb12u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcBfMEACgkQEMKTtsN8
TjbSyRAAquV+ePBJ2hoYLTNvZnz8yRbNsNaW8lqLY/LhN/lzmloAvV62gyEyYi+p
Qbp+tCyT258cSwzLz6aT2H0/X276PiWGIV+BTzVevejFQWWh1RCfnRRh9cTPZRTT
2EW/IDSraotXyb6B/oKIIdJerY8mr7ZZaMFr34mLGH5q+oAYJYt1g/LQVO+y/SQx
BtSgDNmShKQnre3M+8UH7tAW2ewq+RAAZu55Nr5ChgGjzidP3DciDH7JZt4jyMNl
EVyn4smpvisEtM4B+WeMCX/LhYHwXtrakywZfEAAcbYqrto3dqbapFSqaA+6g4ru
96DtYLY0IDQI55IVPi6J0hB5N/5ezXjwnHz4N7OQCU+MtpcuYfbY0KlpJcO3/q2o
9lK/1m2O0jsKYMjGrW3E4lvmB44rZIDEWts0UsqJZy9pef3ucu4FZOSbv7po8B/A
4MFPZ/asow2wYG1MIWYB3kL+LkuyzBXKDLbkJ03mwp7E7NmKi823ICUu3gVZzaeU
km/tKtB6Xmumr39CtXy+gAiH2gnIytlrpNHz3FAeluk1WYfV88SaDPuPnSI0U2Qz
TLUuQY72tCEgN8JGtGYs6TqtJq2yWsIyvQ+Ax10q2zXYZO8IZBtYf/etpPz47Mul
cx4AOAiDwJ1+Lplr1006IZXrBkxxyo/veqmz5rjZym4G7Vh93l0=
=m9Jl
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5785-1] mediawiki security update, Moritz Muehlenhoff, 05.10.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.