logo
DATABASE RESOURCES PRICING ABOUT US

mediawiki - security update

Description

It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash ([CVE-2014-5241](https://security-tracker.debian.org/tracker/CVE-2014-5241)) and clickjacking between OutputPage and ParserOutput ([CVE-2014-5243](https://security-tracker.debian.org/tracker/CVE-2014-5243)). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes. For the stable distribution (wheezy), these problems have been fixed in version 1:1.19.18+dfsg-0+deb7u1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your mediawiki packages.


Affected Software


CPE Name Name Version
mediawiki 1:1.19.10+dfsg-1
mediawiki 1:1.19.11+dfsg-0+deb7u1
mediawiki 1:1.19.11+dfsg-1
mediawiki 1:1.19.12+dfsg-1
mediawiki 1:1.19.13+dfsg-1
mediawiki 1:1.19.14+dfsg-0+deb7u1
mediawiki 1:1.19.14+dfsg-0+deb7u2
mediawiki 1:1.19.14+dfsg-1
mediawiki 1:1.19.15+dfsg-0+deb7u1
mediawiki 1:1.19.15+dfsg-1
mediawiki 1:1.19.15+dfsg-2
mediawiki 1:1.19.16+dfsg-0+deb7u1
mediawiki 1:1.19.16+dfsg-1
mediawiki 1:1.19.17+dfsg-1
mediawiki 1:1.19.5-1
mediawiki 1:1.19.5-1+deb7u1
mediawiki 1:1.19.6-1
mediawiki 1:1.19.7+dfsg-1
mediawiki 1:1.19.7+dfsg-1.1
mediawiki 1:1.19.8+dfsg-1
mediawiki 1:1.19.8+dfsg-2
mediawiki 1:1.19.8+dfsg-2.1
mediawiki 1:1.19.8+dfsg-2.2
mediawiki 1:1.19.9+dfsg-1
mediawiki 1:1.19.9+dfsg-2

Related