Debian alert DLA-3896-1 (mediawiki)

From:
             
 
Adrian Bunk <bunk@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 3896-1] mediawiki security update
Date:
             
 
Thu, 26 Sep 2024 16:37:17 +0300
Message-ID:
             
 
<ZvVjjTy2yydX6of4@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3896-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 26, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mediawiki
Version        : 1:1.35.13-1+deb11u3
CVE ID         : CVE-2023-51704

Privileged XSS in the user rights log has been fixed in the MediaWiki
wiki engine.

For Debian 11 bullseye, this problem has been fixed in version
1:1.35.13-1+deb11u3.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmb1Y40ACgkQiNJCh6LY
mLEbaQ//dPf0ZTPFa2RDQsMohD8emwVIVJZ1SNvID+1Hc3dblgx3FeU0H/s1kX7a
hc00ekFRf+frgVRnPwhKirRk4ppqK6lBbUn9KmbeDtMjxlcVzNyM7ZwmwO6Z5ZkI
2TA9K5Awclgn/hWMtHv5ioLBA2K/EGE7CTSoty9Nj+tAdo1WSVWHXmxuxYbO/YHQ
2lPbcjtu1v1wCkCwt0U5gMEkzFGJewnKMH3zca/kA78fu2bH7yO2UOHpSGt6ve5o
1+MR6O8xdGsx34yb4WaL8NgftPFAAJTWn48bDg8I0kDcergy57Zz5wNOYQcVckde
u8ssOkGNG9bU+V3QJk1m8eDEvGIC/NRoAXteB2/pHpBI5lx60y5HtyATcVCIo7Ew
Nga8KeB/ChBk1TeLtXEnQVoMKa9XEyGhaKC1sTYAgq2NXgn/ZuPhspZri54ZknKD
x4EwSBx5dhGljID7yME0kEr6pUTp37RLAfExOa3ImX56qy121cgdWN8s6cpNrVlQ
43D9J2mgJN/4vcel/poLkxCFN5U21vz2Zex8g0EnyHz6YgSkF3RQbHiVVq3AdnpP
H9BqLlCwznu+xlhArlSRWJK62dMvEe12WYUplXVte+e4zCJq6VTUFEyKygUdOjeA
iRaOxy5Fb90M2+HVE3Uu8M94oeJJAmxxzOo9CUNb1Ke1Et+cs80=
=K5Dl
-----END PGP SIGNATURE-----