Register | Log in

mediawiki

website engine for collaborative work

Choose email to subscribe with

general

source: mediawiki (main)
version: 1:1.35.2-1
maintainer: Kunal Mehta (DMD)
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1:1.27.7-1~deb9u3
old-sec: 1:1.27.7-1~deb9u7
old-bpo: 1:1.31.2-1~bpo9+1
stable: 1:1.31.12-1~deb10u1
stable-sec: 1:1.31.14-1~deb10u1
stable-bpo: 1:1.35.1-2~bpo10+1
stable-p-u: 1:1.31.14-1~deb10u1
testing: 1:1.35.2-1
unstable: 1:1.35.2-1

versioned links

1:1.27.7-1~deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.27.7-1~deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.31.2-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.31.12-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.31.14-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.35.1-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.35.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

mediawiki (1 bugs: 0, 0, 1, 0)
mediawiki-classes

action needed

8 security issues in stretch high

There are 8 open security issues in stretch.

8 important issues:

CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
CVE-2021-30152: An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
CVE-2021-30154: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.
CVE-2021-30155: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.
CVE-2021-30157: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.
CVE-2021-30158: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
CVE-2021-30159: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.

Created: 2021-04-07 Last update: 2021-04-18 04:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

mediawiki-classes could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2021-04-20 06:03

news

[2021-04-18] mediawiki 1:1.35.2-1 MIGRATED to testing (Debian testing watch)
[2021-04-13] Accepted mediawiki 1:1.31.14-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2021-04-10] Accepted mediawiki 1:1.31.14-1~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Kunal Mehta)
[2021-04-08] Accepted mediawiki 1:1.35.2-1 (source) into unstable (Kunal Mehta)
[2021-03-03] Accepted mediawiki 1:1.35.1-2~bpo10+1 (source) into buster-backports (Kunal Mehta)
[2021-02-06] mediawiki 1:1.35.1-2 MIGRATED to testing (Debian testing watch)
[2021-02-04] Accepted mediawiki 1:1.35.1-2 (source) into unstable (Kunal Mehta)
[2020-12-23] Accepted mediawiki 1:1.27.7-1~deb9u7 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
[2020-12-21] Accepted mediawiki 1:1.35.1-1~bpo10+1 (source) into buster-backports (Kunal Mehta)
[2020-12-21] mediawiki 1:1.35.1-1 MIGRATED to testing (Debian testing watch)
[2020-12-21] mediawiki 1:1.35.1-1 MIGRATED to testing (Debian testing watch)
[2020-12-20] Accepted mediawiki 1:1.31.12-1~deb10u1 (source all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2020-12-18] Accepted mediawiki 1:1.31.12-1~deb10u1 (source all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Kunal Mehta)
[2020-12-18] Accepted mediawiki 1:1.35.1-1 (source) into unstable (Kunal Mehta)
[2020-12-17] mediawiki 1:1.35.0-2 MIGRATED to testing (Debian testing watch)
[2020-12-17] mediawiki 1:1.35.0-2 MIGRATED to testing (Debian testing watch)
[2020-12-14] Accepted mediawiki 1:1.35.0-2 (source) into unstable (Kunal Mehta)
[2020-11-21] Accepted mediawiki 1:1.27.7-1~deb9u6 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
[2020-09-29] Accepted mediawiki 1:1.35.0-1~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Kunal Mehta)
[2020-09-29] mediawiki 1:1.35.0-1 MIGRATED to testing (Debian testing watch)
[2020-09-28] Accepted mediawiki 1:1.27.7-1~deb9u5 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
[2020-09-27] Accepted mediawiki 1:1.35.0-1 (source) into unstable (Kunal Mehta)
[2020-09-27] Accepted mediawiki 1:1.31.10-1~deb10u1 (source all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Kunal Mehta)
[2020-09-26] Accepted mediawiki 1:1.27.7-1~deb9u4 (source) into oldstable (Roberto C. Sanchez)
[2020-09-25] Accepted mediawiki 1:1.31.10-1~deb10u1 (source all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Kunal Mehta)
[2020-09-05] Accepted mediawiki 1:1.35.0~rc.3-1 (source) into experimental (Kunal Mehta)
[2020-08-22] Accepted mediawiki 1:1.35.0~rc.2-1 (source) into experimental (Kunal Mehta)
[2020-08-07] Accepted mediawiki 1:1.35.0~rc.1-1 (source) into experimental (Kunal Mehta)
[2020-08-01] Accepted mediawiki 1:1.35.0~rc.0-1 (source) into experimental (Kunal Mehta)
[2020-06-27] mediawiki 1:1.31.8-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.35.1-2
9 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing