Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e6f57013 by Moritz Muehlenhoff at 2025-10-03T16:58:15+02:00 last batch of mediawiki issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2025-61656 [Sanitize attributes unwrapped from data-ve-attributes] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T397232 + NOTE: https://gerrit.wikimedia.org/r/c/VisualEditor/VisualEditor/+/1193247 +CVE-2025-61655 [Properly escape and parse system messages] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T395858 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/1193248 CVE-2025-61657 [Insert sticky header labels as text instead of HTML] - mediawiki <unfixed> [bookworm] - mediawiki <not-affected> (Vulnerable code not present) @@ -336,6 +344,7 @@ CVE-2025-61638 [Sanitize data- attributes] - mediawiki <unfixed> NOTE: https://phabricator.wikimedia.org/T401099 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193172 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1193218 CVE-2025-61637 [Escape three system messages used by live preview] - mediawiki <unfixed> [bookworm] - mediawiki <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6f57013523da10873bbac0418f945ad7715df49 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6f57013523da10873bbac0418f945ad7715df49 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
