Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1b22269d by Moritz Mühlenhoff at 2026-04-03T13:14:38+02:00
remaining mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,25 +85,56 @@ CVE-2023-7343 (HiSecOS web server versions 05.0.00 to
08.3.01 prior to 08.3.02 c
TODO: check
CVE-2022-4986 (Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a
denial ...)
TODO: check
+CVE-2026-5266
+ - mediawiki 1:1.43.8+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Vulnerable code not present,
Echo not yet bundled)
+ [bullseye] - mediawiki <not-affected> (Vulnerable code not present,
Echo not yet bundled)
+ NOTE: http://phabricator.wikimedia.org/T420154
+ NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Echo/+/1265622 (REL1_43)
+ NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Echo/+/1265608 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34095
+ - mediawiki 1:1.43.8+dfsg-1
+ NOTE: http://phabricator.wikimedia.org/T419192
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265669
(REL1_43)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265642 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34089
+ - mediawiki <not-affected> (Vulnerable code not present, introduced
past 1.43)
+ NOTE: https://phabricator.wikimedia.org/T419168
+ NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1265609
(master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34094
+ - mediawiki 1:1.43.8+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
+ [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T416090
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265668
(REL1_43)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265641 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34086
- mediawiki 1:1.43.8+dfsg-1
NOTE: http://phabricator.wikimedia.org/T415584
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1265634
(REL1_43)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1265611
(master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34093
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T414547
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265667
(REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265639 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34087
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T412061
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265614
(REL1_43)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265610
(master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34090
- mediawiki <not-affected> (Vulnerable code not present, introduced
past 1.43)
NOTE: https://phabricator.wikimedia.org/T411366
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/1240641
(master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34091
- mediawiki 1:1.43.8+dfsg-1
[bookworm] - mediawiki <not-affected> (Introduced in 1.42)
@@ -111,16 +142,19 @@ CVE-2026-34091
NOTE: https://phabricator.wikimedia.org/T411305
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265651
(REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265637 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34092
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T384147
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265652
(REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265638 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34088
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T410429
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265670
(REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265640 (master)
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-35535 (In Sudo through 1.9.17p2 before 3e474c2, a failure of a
setuid, setgid ...)
- sudo 1.9.17p2-5 (bug #1130593)
[trixie] - sudo <no-dsa> (Minor issue, can be fixed in a point release)
=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ ceph
cpp-httplib (jmm)
Maintainer preparing updates, waiting for feedback on bookworm status
--
-dovecot
+dovecot (jmm)
Noah Meyerhans working on updates
--
frr
@@ -49,6 +49,8 @@ linux (carnil)
--
mbedtls/oldstable
--
+mediawiki (jmm)
+--
netty
--
nghttp2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b22269d65957e2f75462f13fe055c307c4cd2b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b22269d65957e2f75462f13fe055c307c4cd2b4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
