A mediawiki security update has been released for Debian GNU/Linux 9 Extended LTS to address several security vulnerabilities.

ELA-674-1 mediawiki security update

Package mediawiki
Version 1:1.27.7-1+deb9u12 (stretch)
Related CVEs CVE-2022-28201 CVE-2022-28202 CVE-2022-34911 CVE-2022-34912

Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.

For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u12.

We recommend that you upgrade your mediawiki packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-674-1 mediawiki security update