Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: aff7df9d by Moritz Muehlenhoff at 2026-06-30T21:09:16+02:00 more mediawiki issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,24 +1,59 @@ +CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T427167 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306180 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306191 (REL1_43) +CVE-2026-58027 [Hide hit count for private/protected filters in API] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T406954 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306182 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306181 (REL1_43) +CVE-2026-58025 [Safely unserialize log entry parameters] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T422244 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306343 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306363 (REL1_43) +CVE-2026-58037 [LogFormatter: 'raw' parameter format is no longer raw HTML] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T422995 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306232 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306314 (REL1_43) +CVE-2026-58029 [Check for editmyprivateinfo right in more places] + - mediawiki <unfixed> + NOTE: http://phabricator.wikimedia.org/T422676 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306215 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306313 (REL1_43) +CVE-2026-58024 [Restrict interwiki user lookup in ApiUserrights] + - mediawiki <unfixed> + NOTE: https://phabricator.wikimedia.org/T422085 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1268588 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306312 (REL1_43) +CVE-2026-58026 [Make sure the actual title that's being transcluded is includable] + - mediawiki <unfixed> + NOTE: http://phabricator.wikimedia.org/T299359 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306214 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306311 (REL1_43) CVE-2026-58032 [mw.Api.getErrorMessage: Treat formatversion=1 as text] - mediawiki <unfixed> NOTE: https://phabricator.wikimedia.org/T426867 - NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306213 (main) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306213 (master) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306310 (REL1_43) CVE-2026-58033 [Exclude rev-deleted usernames from distinct authors query] - mediawiki <unfixed> NOTE: https://phabricator.wikimedia.org/T427235 - NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306212 (main) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306212 (master) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306309 (REL1_43) CVE-2026-58028 [Disallow user JS in pretty-print api.php responses] - mediawiki <unfixed> NOTE: http://phabricator.wikimedia.org/T422306 - NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306211 (main) - NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306216 (main) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306211 (master) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306216 (master) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306308 (REL1_43) NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306320 (REL1_43) CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate user conditions for user] - mediawiki <not-affected> (Only affects 1.46 and later) NOTE: https://phabricator.wikimedia.org/T425406 - NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (main) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master) CVE-2026-13766 NOT-FOR-US: DBIx::QuickORM Perl module CVE-2026-57082 ===================================== data/dsa-needed.txt ===================================== @@ -57,6 +57,8 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more 6.1.y versions -- +mediawiki +-- netty -- nginx (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aff7df9d0486dcc48f44e39997e98867073dc3ff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aff7df9d0486dcc48f44e39997e98867073dc3ff You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
