[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2648-2] mediawiki regression update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2648-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
May 07, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mediawiki
Version        : 1:1.27.7-1~deb9u9
CVE ID         : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 
                 CVE-2021-30155 CVE-2021-30158 CVE-2021-30159
Debian Bug     : 985574 984664 

The patch from latest upstream release to address CVE-2021-30152 was 
not portable to stretch-security version causing MediaWiki APIs to 
fail. This update includes a patch from upstream REL_31 release which 
fix the issue.  

For Debian 9 stretch, this problem has been fixed in version
1:1.27.7-1~deb9u9.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmCUSB4ACgkQhj1N8u2c
KO8hpBAAkst5ahifh0prc0rkNOcEEZnfnzndhYG+NzLKK6H7rywKGV6v/HmHWyEP
mR7AanUUhz71xmlq6EEkEqTuR4nwgTIQpvWkx6+Zs4wOoQ9Eqs75Z1gprYIIG8nM
pC9TFH5q8UuldX7c50RuYVjLqusAqsF9Jua9AkqChdss2PicmgyJBbPkBeC3QwzK
WQURobRofpLS+6f1OOcnk9/WV9aacYae6VG61oR+DS2bLNe+POvhlptWGqtx+12R
GZpcHNTLYzmMaE04kBqH8WikrLYyEubXdSD9XWGms3OWZeRRLMdwHc4gv18cI2OP
27fniHnUZ5R77eOv8Dyxsv7Xm/Gkf5m7dAO/wLLmwTSXFeeLR9Q9DMsygHZrbyh1
GxtwXCSFAr7kvhUGaIa04efGkveKkK0uw1ZdS7wCybWQMpZEh3TytnNtwp20ERw3
EmIVuHghTQ0sHHkVDuJU/2KcqcJB9f+Ox8vfqK7LyVsyJDpEp9mW0NU0moLvh36w
+DJgQXs2Jm7hJobka3L2CkfZEdkT4vBZkm/xMDfdvzsv64Tus1rRnJWE4rH/5clo
1oCfwzUGlnlAB1kNyiymf7nlnH5RCfNBFop0FFxZ4NYeps0T1L88bWLT/0hl2U+l
Lq14rWSZuqQ/zOUMEbVhIXs1ZLIQCIEhspA/aSBeyQX+4bCGdgc=
=8qMl
-----END PGP SIGNATURE-----
Reply to: