Debian 10032 Published by

A mediawiki security update has been released for Debian GNU/Linux 9 to address a privacy flaw.

ELA-703-1 mediawiki security update

Package mediawiki
Version 1:1.27.7-1+deb9u13 (stretch)
Related CVEs CVE-2022-41765

A privacy flaw was discovered in mediawiki, a website engine for collaborative work. The HTMLUserTextField exposed the existence of hidden users which gave more insight than actually intended.

For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u13.

We recommend that you upgrade your mediawiki packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support

  ELA-703-1 mediawiki security update