1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3046-1] mediawiki security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Oct 5 17:40:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mediawiki
    CVE ID : CVE-2014-7295

    It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript
    is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed
    from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and
    JavaScript module allowance.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1:1.19.20+dfsg-0+deb7u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1:1.19.20+dfsg-1.

    We recommend that you upgrade your mediawiki packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJUMWQQAAoJEAVMuPMTQ89EIFEP/jGfYxU9UQ4JBoIu84wsRjuP MXI7mGNuhA9dnwxKaAzEddqlmVrVy5tgP18kanlB1agzBR3O7JWqel8BjAWWU3wV LIRTrlTQTh3EFeXuaPAKUrXPHognDcixhcPUNsVn6oeuwNaHDI7T9cQseDKlnvPU VtVexVVE6YpPyUg3LIO6EPt1U3dVLr6AG8/BbweooYwQyB3tupbemGWptI6rEeRK MqIxRuld3xkAG7SZJXv7pLnRDZBzXW/LcRD5r7CtSdfUeIFqcMOBhMR2lWH52jMg 0jM3koPnukXOYPOQIYD+l3+wG65mPqb/gtToRObPqGgcPCTup0eMcWu97Nz9CUDp QW2iTo/M9e+4T+uAg5ETeWiK0i3k6R7MpcSBJuTv2ckbDvqZKvslzLjLXJ4MsheD mbv0gmub3wDojWLwYq8+PAsCJSaGFZhZqME2aFps0xxqFQVo03JULZZK/hbIjFgl GpXH+Exb7iAuCiZM+tSgMe/GJ324J53qudKaifDbypaLWZLT4T1WN24IHZv6Icpv W08Em5Guc0nyC4mYFb9+J+t/yXd6M3hfhc1I+9fqdX+uLFlvx/nNm8wU87QuuQs/ k64awl9aUDbZxDGdC8OxwDfh1EeXroNMHueDPj82t76+dRU3+sBjJkhnQMp3S/LD RMJttMX597NHP2RBLApx
    =KdNC
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)