[SECURITY] [DSA 4651-1] mediawiki security update

2 files changed, 34 insertions, 0 deletions

diff --git a/english/security/2020/dsa-4651.data b/english/security/2020/dsa-4651.data
new file mode 100644
index 00000000000..793fde87a88
--- /dev/null
+++ b/english/security/2020/dsa-4651.data
@@ -0,0 +1,13 @@
+<define-tag pagetitle>DSA-4651-1 mediawiki</define-tag>
+<define-tag report_date>2020-4-02</define-tag>
+<define-tag secrefs>CVE-2020-10960</define-tag>
+<define-tag packages>mediawiki</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+<define-tag fixed-section>no</define-tag>
+
+#use wml::debian::security
+
+
+
+</dl>
diff --git a/english/security/2020/dsa-4651.wml b/english/security/2020/dsa-4651.wml
new file mode 100644
index 00000000000..bb14b9c28fa
--- /dev/null
+++ b/english/security/2020/dsa-4651.wml
@@ -0,0 +1,21 @@
+<define-tag description>security update</define-tag>
+<define-tag moreinfo>
+<p>It was discovered that some user-generated CSS selectors in MediaWiki, a
+website engine for collaborative work, were not escaped.</p>
+
+<p>The oldstable distribution (stretch) is not affected.</p>
+
+<p>For the stable distribution (buster), this problem has been fixed in
+version 1:1.31.7-1~deb10u1.</p>
+
+<p>We recommend that you upgrade your mediawiki packages.</p>
+
+<p>For the detailed security status of mediawiki please refer to
+its security tracker page at:
+<a href="https://security-tracker.debian.org/tracker/mediawiki">\
+https://security-tracker.debian.org/tracker/mediawiki</a></p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2020/dsa-4651.data"
+# $Id: $