DLA-3117-1

Source
https://storage.googleapis.com/debian-osv/dla-osv/DLA-3117-1.json
Aliases
  • CVE-2021-44856
  • CVE-2022-28201
  • CVE-2022-28202
  • CVE-2022-28203
  • CVE-2022-34911
  • CVE-2022-34912
Published
2022-09-22T00:00:00Z
Modified
2022-09-24T13:08:32.225310Z
Details

Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.

For Debian 10 buster, these problems have been fixed in version 1:1.31.16-1+deb10u3.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

References

Affected packages

Debian:10 / mediawiki

mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1:1.31.16-1+deb10u3

Affected versions

1:1.*

1:1.31.10-1~deb10u1
1:1.31.12-1~deb10u1
1:1.31.14-1~deb10u1
1:1.31.16-1+deb10u2
1:1.31.16-1~deb10u1
1:1.31.2-1
1:1.31.4-1
1:1.31.4-1~deb10u1
1:1.31.5-1
1:1.31.5-2
1:1.31.5-3
1:1.31.6-1
1:1.31.6-1~deb10u1
1:1.31.7-1
1:1.31.7-1~deb10u1
1:1.31.8-1