Debian Package Tracker
Register | Log in
Subscribe

mediawiki

website engine for collaborative work

Choose email to subscribe with

general
  • source: mediawiki (main)
  • version: 1:1.43.9+dfsg-1
  • maintainer: MediaWiki packaging team (DMD)
  • uploaders: Kunal Mehta [DMD] – Taavi Väänänen [DMD]
  • arch: all
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1:1.35.13-1+deb11u2
  • o-o-sec: 1:1.35.13-1+deb11u7
  • oldstable: 1:1.39.17-1+deb12u2
  • old-sec: 1:1.39.17-1+deb12u2
  • stable: 1:1.43.9+dfsg-1~deb13u1
  • stable-sec: 1:1.43.9+dfsg-1~deb13u1
  • testing: 1:1.43.9+dfsg-1
  • unstable: 1:1.43.9+dfsg-1
versioned links
  • 1:1.35.13-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:1.35.13-1+deb11u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:1.39.17-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:1.43.9+dfsg-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:1.43.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • mediawiki (3 bugs: 0, 1, 2, 0)
  • mediawiki-classes
action needed
12 security issues in bullseye high

There are 12 open security issues in bullseye.

10 important issues:
  • CVE-2026-58024: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58025: Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58026: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58027: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58028: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58029: Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58030: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58032: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58033: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58037: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
2 ignored issues:
  • CVE-2025-32697: Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.
  • CVE-2026-34086: Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.
Created: 2026-06-30 Last update: 2026-07-11 15:25
12 security issues in bookworm high

There are 12 open security issues in bookworm.

10 important issues:
  • CVE-2026-58024: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58025: Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58026: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58027: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58028: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58029: Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58030: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58032: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58033: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
  • CVE-2026-58037: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
2 ignored issues:
  • CVE-2025-32697: Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.
  • CVE-2026-34086: Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.
Created: 2025-07-04 Last update: 2026-07-11 15:25
Multiarch hinter reports 1 issue(s) normal
There are issues with the multiarch metadata for this package.
  • mediawiki-classes could be marked Multi-Arch: foreign
Created: 2016-09-14 Last update: 2026-07-15 07:01
lintian reports 6 warnings normal
Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-07-05 Last update: 2026-07-05 10:47
1 open merge request in Salsa normal
There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2026-07-04 Last update: 2026-07-04 22:01
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).
Created: 2025-12-23 Last update: 2026-07-05 06:19
news
[rss feed]
  • [2026-07-07] mediawiki 1:1.43.9+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-07-06] Accepted mediawiki 1:1.43.9+dfsg-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-07-05] Accepted mediawiki 1:1.43.9+dfsg-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-07-04] Accepted mediawiki 1:1.43.9+dfsg-1 (source) into unstable (Taavi Väänänen)
  • [2026-06-22] Accepted mediawiki 1:1.35.13-1+deb11u7 (source) into oldoldstable-security (Guilhem Moulin)
  • [2026-04-18] Accepted mediawiki 1:1.39.17-1+deb12u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-04-18] Accepted mediawiki 1:1.43.8+dfsg-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-04-12] Accepted mediawiki 1:1.39.17-1+deb12u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-04-12] Accepted mediawiki 1:1.43.8+dfsg-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2026-04-11] mediawiki 1:1.43.8+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2026-04-08] Accepted mediawiki 1:1.43.8+dfsg-2 (source) into unstable (Taavi Väänänen)
  • [2026-04-05] mediawiki 1:1.43.8+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2026-04-02] Accepted mediawiki 1:1.43.8+dfsg-1 (source) into unstable (Taavi Väänänen)
  • [2025-12-30] Accepted mediawiki 1:1.35.13-1+deb11u6 (source) into oldoldstable-security (Guilhem Moulin)
  • [2025-12-20] Accepted mediawiki 1:1.39.17-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-12-20] Accepted mediawiki 1:1.43.6+dfsg-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-12-19] Accepted mediawiki 1:1.43.6+dfsg-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-12-19] Accepted mediawiki 1:1.39.17-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-12-14] mediawiki 1:1.43.6+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-12-11] Accepted mediawiki 1:1.43.6+dfsg-2 (source) into unstable (Taavi Väänänen)
  • [2025-12-11] Accepted mediawiki 1:1.43.6+dfsg-1 (source) into unstable (Taavi Väänänen)
  • [2025-10-31] Accepted mediawiki 1:1.35.13-1+deb11u5 (source) into oldoldstable-security (Guilhem Moulin)
  • [2025-10-28] mediawiki 1:1.43.5+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-10-24] Accepted mediawiki 1:1.43.5+dfsg-1 (source) into unstable (Taavi Väänänen)
  • [2025-07-23] Accepted mediawiki 1:1.35.13-1+deb11u4 (source) into oldstable-security (Guilhem Moulin)
  • [2025-07-13] mediawiki 1:1.43.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-07-05] Accepted mediawiki 1:1.39.13-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-07-03] Accepted mediawiki 1:1.39.13-1~deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Taavi Väänänen)
  • [2025-07-01] Accepted mediawiki 1:1.43.3+dfsg-1 (source) into unstable (Taavi Väänänen)
  • [2025-04-29] mediawiki 1:1.43.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 5
  • RC: 0
  • I&N: 2
  • M&W: 3
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 6)
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1:1.43.8+dfsg-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing