-------------------------------------------------------------------------
Debian LTS Advisory DLA-3796-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
April 27, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mediawiki
Version        : 1:1.31.16-1+deb10u8
CVE ID         : CVE-2023-51704

Security vulnerabilities were found in mediawiki, a website engine for
collaborative work, that could lead to information disclosure, privilege
escalation, or denial of service.

CVE-2023-51704

    group-.*-member messages were not properly escaped on
    Special:log/rights.

CVE-2024-PENDING

    It was discovered that Special:MovePage did not limit nor truncate
    the list of subpages, which could lead to denial of service when.
    (The CVE ID for this issue has not been assigned yet.)

For Debian 10 buster, this problem has been fixed in version
1:1.31.16-1+deb10u8.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS