-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 30 Oct 2025 19:40:01 +0100 Source: mediawiki Architecture: source Version: 1:1.35.13-1+deb11u5 Distribution: bullseye-security Urgency: high Maintainer: Kunal Mehta <[email protected]> Changed-By: Guilhem Moulin <[email protected]> Changes: mediawiki (1:1.35.13-1+deb11u5) bullseye-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2025-11173 (OATHAuth extension): Reauth for enabling 2FA can be bypassed by submitting a form. * Fix CVE-2025-11261: Escape system messages in mw.language.listToText. * Fix CVE-2025-61635 (ConfirmEdit extension): ApiFancyCaptchaReload: Reuse badcaptcha rate limit. * Fix CVE-2025-61638 (parsoid): Sanitize data- attributes. * Fix CVE-2025-61639: Use ManualLogEntry::getDeleted in ::getRecentChange. * Fix CVE-2025-61640: Parse messages instead of inserting them as HTML. * Fix CVE-2025-61641: api: Disable maxsize in QueryAllPages in miser mode. * Fix CVE-2025-61643: Don't send suppressed recent changes to RCFeeds. * Fix CVE-2025-61646: Prevent leaking hidden usernames in Watchlist/RecentChanges. * Fix CVE-2025-61653 (TextExtracts extension): Add authorizeRead check for extracts endpoint. * ConfirmEdit extension: Backport upstream change to avoid double-escaping the captcha-edit-fail message via both Html::element and RawMessage. * Fix CVE-2025-61655 (VisualEditor extension): Properly escape and parse system messages. * Fix CVE-2025-61656 (VisualEditor extension): Sanitize attributes unwrapped from data-ve-attributes. Checksums-Sha1: efc97f953b2363263eb6fd4487b07468be792eff 2390 mediawiki_1.35.13-1+deb11u5.dsc 81807cda2f31e979242d86ac491f9ac6da3fbb00 123620 mediawiki_1.35.13-1+deb11u5.debian.tar.xz b4ef583d0cf1812397bc13afb5768c980e14cd21 7782 mediawiki_1.35.13-1+deb11u5_amd64.buildinfo Checksums-Sha256: ecfbadfb2b4129adbaecd32a52bc085743b3ae623f7f51f37dfe5b7b577545e9 2390 mediawiki_1.35.13-1+deb11u5.dsc 9a7f74a746979afb36627e87871657da7ec2b6bc320fb2e42607e360ebeed588 123620 mediawiki_1.35.13-1+deb11u5.debian.tar.xz 2c1901b32d6350807cd56dd6e9d0f4833f1cb5632d9ba983ebe169f8fb2c60db 7782 mediawiki_1.35.13-1+deb11u5_amd64.buildinfo Files: 25ac6a5690f3d308dcea5e375cc582a9 2390 web optional mediawiki_1.35.13-1+deb11u5.dsc d619a308234492b5aa420feac0185d49 123620 web optional mediawiki_1.35.13-1+deb11u5.debian.tar.xz 32d6a9a442e89bf17d3b86af82ae6cc0 7782 web optional mediawiki_1.35.13-1+deb11u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmkD8DAACgkQ05pJnDwh pVIecg/7Bz+pfhy3cD9GZv9L1w/GpqfI9KdeBGxeRVrUkUF7WpCfitg0Wm4bShTi Lwv1kPfcnY60C0ypDSNyzONdorQ+TO5h0aKLukIA//5V9GkFR4Mck/kIDcG7FZAd QOV80bVRP1oH6xvf1fjSZj975+PDT2/IqJjP9OsPVJCX40pVaOw5jOVQAOzYyX5E IBvY5lGxqhG0TZEpQAFAv48vm0clX4mklv/xNKzNu8qYQVIiolZhPJNMCapVAkv9 IUxVlaG06E1TGDaRtK1wZn3Ihdj8kcqy5/N3ni7RjhB54sqCMu3FH4aFPrQvzIxm NOXaZCqxpdgp+TMm5yU78CexbME61Y3khSF4+YafCkLp8wE6CYqGOMeWLRe5wFbK CQWJdlX7il6D+HSj2fMgiX1Unz0iqJMxoeNkxLPrnmJgmrG1wuSrRhX8uvOZGAMd iXajbVUupW3xWm8YvuvfWNXJA/nle4pQCHANsDYvPqfmIZXshU5+ebKxhUpsyOMZ O7vh85DWCEO6iE1fkhg9J6zg+6k6XNZeGmoHCgwlznL1yZPrX8ku2Z0CEQMAryyX Bs30exJztCJDtfOv83nrE2FDivijNnEBIDQM+x4SnCWX9Tr3rHfrjyKHp/MmPKK8 KRi+476ZW2tInsD7j/b7uuw2efkGGKX0KlZtq0Arw+NRvciuBOk= =deoT -----END PGP SIGNATURE-----
pgpoedDjcV9hD.pgp
Description: PGP signature
