DSA-5447-1 mediawiki -- security update

Related Vulnerabilities: CVE-2023-29141   CVE-2023-36674   CVE-2023-36675  

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.11-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.4-1~deb12u1. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

Debian Security Advisory

DSA-5447-1 mediawiki -- security update

Date Reported:
05 Jul 2023
Affected Packages:
mediawiki
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 1039075.
In Mitre's CVE dictionary: CVE-2023-29141, CVE-2023-36674, CVE-2023-36675.
More information:

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.11-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.4-1~deb12u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki