-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Dec 2025 15:15:31 +0100
Source: mediawiki
Architecture: source
Version: 1:1.35.13-1+deb11u6
Distribution: bullseye-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 mediawiki (1:1.35.13-1+deb11u6) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-67475: Escape square brackets in autocomment links.
   * Fix CVE-2025-67478: Always escape commas in distinct values from RFC 2822
     style headers.
   * Fix CVE-2025-67479: Sanitizer: disallow underscore and wide underscore in
     `data-*` attribute names.
   * Fix CVE-2025-67480: Check read permissions in `ApiQueryRevisionsBase`.
   * Fix CVE-2025-67481: Disallow `style` attribute in client-side messages
     (jqueryMsg).
   * Fix CVE-2025-67482 (Scribunto extension): Lua segfault in unpack().
   * Fix CVE-2025-67484: Don't allow users with the `editinterface` permission
     to perform XSS by default. If the former unsafe behavior is desired, it
     can be re-enabled by setting `$wgEnableUnsafeXsltOption` to true.