DSA-5447-1 mediawiki -- security update

Debian Security Advisory

DSA-5447-1 mediawiki -- security update

Date Reported:

05 Jul 2023

Affected Packages:

mediawiki

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1039075.
In Mitre's CVE dictionary: CVE-2023-29141, CVE-2023-36674, CVE-2023-36675.

More information:

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, a bypass of vandalism protections or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:1.35.11-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.4-1~deb12u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki