A mediawiki security update has been released for Debian GNU/Linux 9 to address a privacy flaw.
ELA-703-1 mediawiki security update
Package mediawiki
ELA-703-1 mediawiki security update
Version 1:1.27.7-1+deb9u13 (stretch)
Related CVEs CVE-2022-41765
A privacy flaw was discovered in mediawiki, a website engine for collaborative work. The HTMLUserTextField exposed the existence of hidden users which gave more insight than actually intended.
For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u13.
We recommend that you upgrade your mediawiki packages.
Further information about Extended LTS security advisories can be found at: debian Extended Long term support
