From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4651-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff
April 02, 2020
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : mediawiki
CVE ID : CVE-2020-10960
It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped.
The oldstable distribution (stretch) is not affected.
For the stable distribution (buster), this problem has been fixed in
version 1:1.31.7-1~deb10u1.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6GTzAACgkQEMKTtsN8 TjZ4KA//d4YE+pbwN/DmJ66nM8eMazlXp8Cbeazu3kfRZ/E/UrmPoloJ7zic2j1a yl18Bh7xu0sPdsFmqsANguH6dWDJNiFrxRNMcwvBNGJk6UC6RWp4gc+b5Q7kW0vd VoVSCHjbOLBET8j5jSU25nhZASK35YYBxcVqyDDKzC7s7/lfOUxfGC6W13UhJdxd 6qJvtRFcfUKCzbwJEuxSb961hVmtDX5/mwo5iupDSScl5rdt8/Sz2ZpHIxrSfpcp 6LK+WHydFrCwZ+W4TtaS5ro+hNvk2UDe1/s9aIgbSrc6y92xVV+O+mHZ9vGooCf8 +/fj9TblQz5IeBHPZ51II/8YyTiGZ5GuWJVEgQoMtBkBdx55wWu14eBb+XVW78b+ JkxIUJHCTOYcscfYnZX36DxbFkbH2+5HvYN3D7WGEFWSZq/orpAdtHvW56nUv+Tg sI844e4Z055uqeB93+KNzmK1xilPc7Trh7DCJwD4fRQFRDft6Oy9Pkok2fdPzOeL mX1KSdoFxa8WwpyhijrsF9WbVPGuItX0iVzgGFQOwTVyFwE0eKsKvLCjaCrE6rQY yyDNWRnReeDaRvbuC4asOhTNGhm0VmK+WTIA5090A7d7eT+9amQ+Ki5yM+pqygvq Nxvfw1ZK2AhRxLYR7mdkNV0/KQwmwWIBYPSYCFoyMepDlGryotY=
=MpI/
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)