mediawiki - Debian Package Tracker

general

source: mediawiki (main)
version: 1:1.39.4-2
maintainer: MediaWiki packaging team (DMD)
uploaders: Kunal Mehta [DMD] – Taavi Väänänen [DMD] [DM]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.31.16-1+deb10u2
o-o-sec: 1:1.31.16-1+deb10u6
o-o-bpo: 1:1.35.2-1~bpo10+1
oldstable: 1:1.35.11-1~deb11u1
old-sec: 1:1.35.11-1~deb11u1
old-bpo: 1:1.39.1-2~bpo11+1
stable: 1:1.39.4-1~deb12u1
stable-sec: 1:1.39.4-1~deb12u1
testing: 1:1.39.4-2
unstable: 1:1.39.4-2

versioned links

1:1.31.16-1+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.31.16-1+deb10u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.35.2-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.35.11-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.39.1-2~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.39.4-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.39.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

mediawiki (2 bugs: 0, 0, 2, 0)
mediawiki-classes

action needed

A new upstream version is available: 1.39.5 high

A new upstream version 1.39.5 is available, you should consider packaging it.

Created: 2023-09-30 Last update: 2023-10-08 02:40

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2023-3550: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

Created: 2023-09-26 Last update: 2023-10-07 13:36

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2023-3550: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

Created: 2023-09-26 Last update: 2023-10-07 13:36

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

mediawiki-classes could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2023-10-08 02:43

Depends on packages which need a new maintainer normal

The packages that mediawiki depends on which need a new maintainer are:

lua5.1 (#996252)
- Recommends: lua5.1

Created: 2021-10-12 Last update: 2023-10-08 02:21

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2023-3550: (postponed; to be fixed through a stable update) Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-26 Last update: 2023-10-07 13:36

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-3550: (postponed; to be fixed through a stable update) Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-26 Last update: 2023-10-07 13:36

debian/patches: 1 patch to forward upstream low

Among the 3 debian patches available in version 1:1.39.4-2 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-07-04 17:30

news

[rss feed]

[2023-08-22] Accepted mediawiki 1:1.31.16-1+deb10u6 (source) into oldoldstable (Markus Koschany)
[2023-07-10] Accepted mediawiki 1:1.31.16-1+deb10u5 (source) into oldoldstable (Markus Koschany)
[2023-07-07] Accepted mediawiki 1:1.35.11-1~deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2023-07-06] Accepted mediawiki 1:1.39.4-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2023-07-06] mediawiki 1:1.39.4-2 MIGRATED to testing (Debian testing watch)
[2023-07-05] Accepted mediawiki 1:1.39.4-1~deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Kunal Mehta)
[2023-07-05] Accepted mediawiki 1:1.35.11-1~deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Kunal Mehta)
[2023-07-04] Accepted mediawiki 1:1.39.4-2 (source) into unstable (Kunal Mehta)
[2023-07-03] mediawiki 1:1.39.4-1 MIGRATED to testing (Debian testing watch)
[2023-06-30] Accepted mediawiki 1:1.39.4-1 (source) into unstable (Taavi Väänänen)
[2023-03-05] mediawiki 1:1.39.2-1 MIGRATED to testing (Debian testing watch)
[2023-02-23] Accepted mediawiki 1:1.39.2-1 (source) into unstable (Taavi Väänänen)
[2023-01-05] Accepted mediawiki 1:1.39.1-2~bpo11+1 (source all) into bullseye-backports (Debian FTP Masters) (signed by: Kunal Mehta)
[2022-12-30] mediawiki 1:1.39.1-2 MIGRATED to testing (Debian testing watch)
[2022-12-27] Accepted mediawiki 1:1.39.1-2 (source) into unstable (Taavi Väänänen)
[2022-12-24] Accepted mediawiki 1:1.39.1-1 (source) into unstable (Taavi Väänänen)
[2022-12-12] Accepted mediawiki 1:1.39.0-2 (source) into unstable (Kunal Mehta)
[2022-12-04] Accepted mediawiki 1:1.39.0-1 (source) into unstable (Taavi Väänänen)
[2022-10-17] mediawiki 1:1.35.8-1.1 MIGRATED to testing (Debian testing watch)
[2022-10-16] Accepted mediawiki 1:1.39.0~rc.1-1 (source) into experimental (Kunal Mehta)
[2022-10-15] Accepted mediawiki 1:1.35.8-1.1 (source) into unstable (Michael Biebl)
[2022-10-11] Accepted mediawiki 1:1.31.16-1+deb10u4 (source) into oldstable (Markus Koschany)
[2022-10-11] Accepted mediawiki 1:1.35.8-1~deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2022-10-05] mediawiki 1:1.35.8-1 MIGRATED to testing (Debian testing watch)
[2022-10-04] Accepted mediawiki 1:1.35.8-1~deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Kunal Mehta)
[2022-10-03] Accepted mediawiki 1:1.35.8-1 (source) into unstable (Kunal Mehta)
[2022-09-26] Accepted mediawiki 1:1.39.0~rc.0-1 (source) into experimental (Kunal Mehta)
[2022-09-22] Accepted mediawiki 1:1.31.16-1+deb10u3 (source) into oldstable (Markus Koschany)
[2022-07-06] mediawiki 1:1.35.7-1 MIGRATED to testing (Debian testing watch)
[2022-07-04] Accepted mediawiki 1:1.35.7-1 (source) into unstable (Kunal Mehta)

bugs [bug history graph]

all: 3
RC: 0
I&N: 1
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.39.4-2
9 bugs