[SECURITY] [DSA 4460-1] mediawiki security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4460-1] mediawiki security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4460-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 12, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 
                 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 
                 CVE-2019-12473 CVE-2019-12474

Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work, which may result in authentication
bypass, denial of service, cross-site scripting, information disclosure
and bypass of anti-spam measures.

For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.7-1~deb9u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0AKJkACgkQEMKTtsN8
TjZ86w/8DS+RqKpd4/7x4RQMwj0nwO1KVnUaWzC5SWlIopExLQ68ysXiBelcHJJW
iYIldZRbmwUCb0TRMLp6eKw0xrIGlo21e3/ueWEPcRM5hLtVb1yZlxbvkWY8PaAT
95Zabc+XI31JcqqwTQIqc8H5EiRZlup8G+kezyINkhidQwOx3DnfBMpnsQqzpKH8
Kd7ihg0DqMzI2NhStTlL6htYXbNSMjpwX906rE4TkuJ3+ZlzJfFfoFVWFUhTG0nu
/5mUkGVmHONOhQCcrN7u+qxDcvMgnAvlLmfkngVHgCZ46tjHGTRMSpvCFRQEu9md
R5GlP/q7Zkhyg/i72fz0RTYDaN60CzKICX6lpnpZYNEBN1VnxiQ9m8TUvUJVeEcU
F7bB+FtQhYDC3uv5A6GgkqZwSat9FXa/HYlpySz+nSmNP+ewxwQ92d56XzZB/G0q
DgYny0FoqaX1+Jo9YqW5xUhIq97z7wKXZojUDmWFsDwAkadlyNfT8BGlL51Am3a3
zbA1pofnD2TD+j4jpfCEjAxfFDBU2wV6AMXyW2YUS6Fxi9uhViGOCmpo26GXkrG5
X+wZiAiJsiHlsJ1UUSPogNtmA0Zrot+Dw3oOfV8EGpLX+qrVjjQzFbmuwIClKBzQ
DxvqSkLFuYXVpluu6IoaoEmipP3jDRLT9jFKeAafa7gU8VToCsI=
=nIF6
-----END PGP SIGNATURE-----





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.