-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5021-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mediawiki CVE ID : CVE-2021-44857 CVE-2021-44858 CVE-2021-45038 Multiple security issues were discovered in MediaWiki, a website engine for collaborative work: Vulnerabilities in the mcrundo and rollback actions may allow an attacker to leak page content from private wikis or to bypass edit restrictions. For additional information please refer to https://www.mediawiki.org/wiki/2021-12_security_release/FAQ For the oldstable distribution (buster), these problems have been fixed in version 1:1.31.16-1+deb10u2. For the stable distribution (bullseye), these problems have been fixed in version 1:1.35.4-1+deb11u2. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmG6RnkACgkQEMKTtsN8 TjYa2xAAvOtj88UkN/9V6/O64bKyIUtRrooaDFCweaGehT/pGS6G7NgRmrZ0C4nc V6iXc2muH7cLXjZpgG8fU9R84GOWTl6cxQCC+dM7ady/6w5SjVi33DnEzxmEWdd0 vCdOdyC9EMnBMtjhsXd9f5p8HiBVRSY32KmL9xVNZIeOd2pjiwx7iYKTEcxNSRGp 2H5SwwPM8TQFJiJXz5CBr23Iyk2WLLcZxhUPGEOkNxteN0DhxNRul9M+rgUzrBWV LY5qmT9F72T4x3pHm7p7dezQYqIHEUo1/q429KjMzmL7eHGghLXAZN9O3zMEsfzJ dP5m/Nrwqruy48UBVg7YtN+4x858gMwOei25HtM6iYg4eeJmyGkZd/cbd5YGGfUe Wt8O6U19AnFF6abL/qcqNVSQ5RIAkCQf0KvaR5KIbjEjmDe59gQCP7K3ih27Wzbb IXBTJcjqqgigiLEryylYI1OhVasfyT+0bczg1gMCgfNWmUcNZWICZ0gGPmVYkEEi 8l/re9TfQvF9nRxvV36bo44wKYe1Ywds5nbRK+jjcTS7m6+PwGMyPMu1tbxueOCy 6kx8nM+0jpgOVlvMW0wMqASO3DW1XKmZJY3CmWnP5zT86W4tvsuYSj1ZMG0vLjOd 0F2zmcsFSpLJTjOyDrLbmhwnFXwKBnDKBB78DyGWORzcka9jqfU= =eEGn -----END PGP SIGNATURE-----