My original mail didn't make it to the debian-release mailing list due to the size of the debdiff, so here it is, without the attachment.
-- Kunal On Thu, 06 Jun 2019 13:40:46 -0400 Kunal Mehta <lego...@debian.org> wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package mediawiki > > This new upstream security release fixes the following CVEs: > CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469, > CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473, > CVE-2019-12474. The bundled jQuery was also updated, fixing > CVE-2019-11358. > > The bugfix for #928716 is also included. > > As done with stretch, we will be following the upstream 1.31.x releases for > buster-security. > > unblock mediawiki/1:1.31.2-1 > > -- System Information: > Debian Release: 10.0 > APT prefers unstable > APT policy: (500, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.1.6-300.fc30.x86_64 (SMP w/4 CPU cores) > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set > to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8) > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system)