-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4651-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 02, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2020-10960

It was discovered that some user-generated CSS selectors in MediaWiki, a
website engine for collaborative work, were not escaped.

The oldstable distribution (stretch) is not affected.

For the stable distribution (buster), this problem has been fixed in
version 1:1.31.7-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6GTzAACgkQEMKTtsN8
TjZ4KA//d4YE+pbwN/DmJ66nM8eMazlXp8Cbeazu3kfRZ/E/UrmPoloJ7zic2j1a
yl18Bh7xu0sPdsFmqsANguH6dWDJNiFrxRNMcwvBNGJk6UC6RWp4gc+b5Q7kW0vd
VoVSCHjbOLBET8j5jSU25nhZASK35YYBxcVqyDDKzC7s7/lfOUxfGC6W13UhJdxd
6qJvtRFcfUKCzbwJEuxSb961hVmtDX5/mwo5iupDSScl5rdt8/Sz2ZpHIxrSfpcp
6LK+WHydFrCwZ+W4TtaS5ro+hNvk2UDe1/s9aIgbSrc6y92xVV+O+mHZ9vGooCf8
+/fj9TblQz5IeBHPZ51II/8YyTiGZ5GuWJVEgQoMtBkBdx55wWu14eBb+XVW78b+
JkxIUJHCTOYcscfYnZX36DxbFkbH2+5HvYN3D7WGEFWSZq/orpAdtHvW56nUv+Tg
sI844e4Z055uqeB93+KNzmK1xilPc7Trh7DCJwD4fRQFRDft6Oy9Pkok2fdPzOeL
mX1KSdoFxa8WwpyhijrsF9WbVPGuItX0iVzgGFQOwTVyFwE0eKsKvLCjaCrE6rQY
yyDNWRnReeDaRvbuC4asOhTNGhm0VmK+WTIA5090A7d7eT+9amQ+Ki5yM+pqygvq
Nxvfw1ZK2AhRxLYR7mdkNV0/KQwmwWIBYPSYCFoyMepDlGryotY=
=MpI/
-----END PGP SIGNATURE-----