DLA-3117-1

Source
https://storage.googleapis.com/debian-osv/dla-osv/DLA-3117-1.json
Published
2022-09-22T00:00:00Z
Modified
2023-06-28T06:37:10.385393Z
Details

Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.

For Debian 10 buster, these problems have been fixed in version 1:1.31.16-1+deb10u3.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

References

Affected packages

Debian:10 / mediawiki

Source Details

Package Name
mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:1.31.16-1+deb10u3

Affected versions

1:1.*

1:1.31.2-1
1:1.31.4-1~deb10u1
1:1.31.4-1
1:1.31.5-1
1:1.31.5-2
1:1.31.5-3
1:1.31.6-1~deb10u1
1:1.31.6-1
1:1.31.7-1~deb10u1
1:1.31.7-1
1:1.31.8-1
1:1.31.10-1~deb10u1
1:1.31.12-1~deb10u1
1:1.31.14-1~deb10u1
1:1.31.16-1~deb10u1
1:1.31.16-1+deb10u2