It was discovered that MediaWiki, a website engine for collaborative
work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and
clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The
vulnerabilities are addressed by upgrading MediaWiki to the new upstream
version 1.19.18, which includes additional changes.
For the stable distribution (wheezy), these problems have been fixed in
version 1:1.19.18+dfsg-0+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your mediawiki packages.