Format: 1.8
Date: Sat, 09 Oct 2021 16:59:52 +0200
Source: mediawiki
Architecture: source
Version: 1:1.27.7-1~deb9u10
Distribution: stretch-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@member.fsf.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 mediawiki (1:1.27.7-1~deb9u10) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-35197:
     In MediaWiki, bots have certain unintended API access. When a bot
     account has a "sitewide block" applied, it is able to still "purge"
     pages through the MediaWiki Action API (which a "sitewide block"
     should have prevented).
   * Fix CVE-2021-41798:
     XSS vulnerability in Special:Search.
   * Fix CVE-2021-41799:
     ApiQueryBacklinks can cause a full table scan.
Checksums-Sha1:
 10942a3655fab750feac47aba9c5e4bea1d83961 2186 mediawiki_1.27.7-1~deb9u10.dsc
 e3dd06a407b7c2955336b28d5202739022990589 83524 mediawiki_1.27.7-1~deb9u10.debian.tar.xz
 7e231f18363dc22ef3022c73c1244a48c954f284 5670 mediawiki_1.27.7-1~deb9u10_source.buildinfo
Checksums-Sha256:
 6f1b4811226da6ec3eb63b10af41b31bd5a99912001aad318f133a5b9e028fd2 2186 mediawiki_1.27.7-1~deb9u10.dsc
 6320e0585ed0fac72dab96cbc42eaf7aa4ebcb35dc56bbbaefb710bc4241ca60 83524 mediawiki_1.27.7-1~deb9u10.debian.tar.xz
 73c2e9b66c23c2d2bd72a07763683ac70548a8472e4871a536d6ebdad857bfcd 5670 mediawiki_1.27.7-1~deb9u10_source.buildinfo
Files:
 232f63a89904a103209edb8ae68388ec 2186 web optional mediawiki_1.27.7-1~deb9u10.dsc
 7ee6969dadfce646b67756d970ff9c11 83524 web optional mediawiki_1.27.7-1~deb9u10.debian.tar.xz
 a3c3d863f912d5b7b4e0828cfea65582 5670 web optional mediawiki_1.27.7-1~deb9u10_source.buildinfo