Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted mediawiki 1:1.35.13-1+deb11u7 (source) into oldoldstable-security
Date: Mon, 22 Jun 2026 01:40:18 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Apr 2026 21:10:52 +0200
Source: mediawiki
Architecture: source
Version: 1:1.35.13-1+deb11u7
Distribution: bullseye-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 mediawiki (1:1.35.13-1+deb11u7) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-34087 (OATHAuth extension): Users API leaks whether
     privileged users have their user groups disabled for lack of 2FA.
   * Fix CVE-2026-34095: action=raw with Special:Mypage subpage title responds
     with "Content-Type) SECURITY: text/html" on ctype=text/javascript request.
   * Fix CVE-2026-34088: RecentChanges entries expose suppressed content via
     generated log page html.
   * Fix CVE-2026-34093: Special:UserRights allows viewing user rights from
     private wiki.
Checksums-Sha1:
 fec91c1c2c8745bfbaf32809577097501685252a 2426 mediawiki_1.35.13-1+deb11u7.dsc
 fc6a0092fc13601b40cf223a9679aecb334fab41 52025948 mediawiki_1.35.13.orig.tar.gz
 b3e2fe47c3e14e21cead561df099f99e5b79dc05 195 mediawiki_1.35.13.orig.tar.gz.asc
 79d41091046606490c2fdf82ee7509da741655e5 135556 mediawiki_1.35.13-1+deb11u7.debian.tar.xz
 a85ce0fa97d4b8a7e4a42501db5f5f598f43cc24 5901 mediawiki_1.35.13-1+deb11u7_source.buildinfo
Checksums-Sha256:
 2026d804710c89f0e88d3b3eade9a57226967b87ac5698af6a20d0b0f975a472 2426 mediawiki_1.35.13-1+deb11u7.dsc
 2a9700ce193db1932db7be3e1bfddf135d622d4399ba6bd6d0570e451db63b61 52025948 mediawiki_1.35.13.orig.tar.gz
 08755b8c39509e75b0326d13d52e834decdce93ed3efc48b689f7615860d2c58 195 mediawiki_1.35.13.orig.tar.gz.asc
 7d56172d66030c8e1d77dff9f6bb5c9f8f0306757846da824b8d0d4af58ea162 135556 mediawiki_1.35.13-1+deb11u7.debian.tar.xz
 77c4debda46b20144d051228a2f73c3b7d7023d1b8992c4220cd01b3241b9811 5901 mediawiki_1.35.13-1+deb11u7_source.buildinfo
Files:
 6fd9b6fd43d3f08d797a5f9c84670536 2426 web optional mediawiki_1.35.13-1+deb11u7.dsc
 5a860e14a8fac89a5964fa9c1695041e 52025948 web optional mediawiki_1.35.13.orig.tar.gz
 5b4f4d652eb606eaf059b91b4e3e467b 195 web optional mediawiki_1.35.13.orig.tar.gz.asc
 428fabe139a4f819d04dda62758a2063 135556 web optional mediawiki_1.35.13-1+deb11u7.debian.tar.xz
 13410837b0e5752ce3c2bf2328cad7a1 5901 web optional mediawiki_1.35.13-1+deb11u7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmo4iggACgkQ05pJnDwh
pVJ3mhAAsiIpaffeOMoCo5W8gYM23kdiZmcwIXac8OEoZ8owe0ScUcrlgtOiJMLi
Z6wk1rgvdWKwEWBjjez0lEmKsVLnT5skBE36DjzSXSCu1K0ef4Ktmzg4dWTQExJ0
8On4V2ARDXLyDARwQx9W9U/Wi9RVdvcaicvlgp8/6n4NiLugfE4U7Dx+pC2r1LrJ
6mBZCBVJmxEyJdbr+5I8f1G1BMiv4DSEPc4FNlF5IzZ8REgPQWZkyqzXTSF5ZyRU
/1Xa/wK2QU/C5iBHDcEHGWTQxkA/20jXSyy0CjFtkSstehjdAjxRa7OJFRoqqZjS
1P6szSXJQgofQ6mn+JXDNycO3+buQDByanoYnbJH8Wv6FbyR46dU4R3JnyWoiNVP
Rz87MpWV5bGmW3AfP5hAcybGjL1FvKRQNUbfzLPGecuvdTB6YoFPQIYLgydbO4f1
/l1ZmRuX/6aRGqKbZ4x9lwCyE0MABxAlVUm5UGZFd8Q0hMdM8I6v951LE04wKuhu
yDutab7JhywSFEHhNHvEUCDtu0GJ43qMSzdXrdlQe/MSLlFyrTqErMLXMC6IeKht
7G+sWpB26LrvnT5WzrZzaSIo3MZ8eFbqZoSiWy3Wv4EthKOOiqq9uON/DIKlg0VL
/vdvMREY3hpdjBIvIen6QNEzsmqDrXdaAgTDDqEUDKRQlIGG4Ws=
=+QH7
-----END PGP SIGNATURE-----

News for package mediawiki