• [SECURITY] [DSA 4767-1] mediawiki security update

    From Moritz Muehlenhoff@21:1/5 to All on Fri Sep 25 19:50:02 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4767-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 25, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mediawiki
    CVE ID : CVE-2020-15005 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814
    CVE-2020-25815 CVE-2020-25827 CVE-2020-25828

    Multiple security issues were discovered in MediaWiki, a website engine
    for collaborative work: SpecialUserRights could leak whether a user
    existed or not, multiple code paths lacked HTML sanitisation allowing
    for cross-site scripting and TOTP validation applied insufficient rate
    limiting against brute force attempts.

    For the stable distribution (buster), these problems have been fixed in
    version 1:1.31.10-1~deb10u1.

    We recommend that you upgrade your mediawiki packages.

    For the detailed security status of mediawiki please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9uK7EACgkQEMKTtsN8 TjYZIQ//Xmlayc3RkqA0XDHm9VV1y7tSfQpKzbF0nWFF5Yry8K8BLsuSz24t3g02 iJUFce5pIalU1mtMOjqf5qd+ZVqZHUJ1MIouXnUwLONSXVYOs5T2ddh50aN/B7wt r+hIk7mQS5Wtq1gMwVXgrcmefFQMzMMp/zLxFaIKrkQt9eHvPQKh7yixvSKHf0Li 3VSmHaYJwTDGc8VAuebebU/JsG3wLzJgsInC5nG1KPdaFWW9Mz3XGW15n9X02MYC t0l10sI6yo/QNwf3W0lZ49BqMitH0SNwK7KpKPGWc4WwrdcCQRMkx2oYIQ6diMb9 8m6/PDUOy+flEPym3P+ZSgj0G20WLXrdPEgqeASsDZeiRJPVeQOMXKu+c76tXCsF 6lLpTS3nrg0L6RpqxkF2hftGhA+WilKtHuIVmjN+JPR3bJeXOgYu5y6LryoYaKNv ppIbUinTYNdul7EZdUSZwmvwLqLJLcHCHXTEiSCQJ8no6VUjOI1zis3xVp2dP2yW k5gJkl+b6AGi4A+nR/ySE28YfEK/hG03zEHZ8VnrrjLA/uPYfWJgxkCYmeSMz9v1 eTjQhpe7tJYQzs0myGOm/QoxF+QuOEqrhJTJMSMFswOZhKk3TM1dBtSCIw9gABNB eC12yeS4Lf2ZlXfo9au2gjb7rJXjGqhugfRfAeohcMe/1s+303Y=
    =N41l
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)