[Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 2 13:43:17 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04636165 by Moritz Muehlenhoff at 2025-07-02T14:26:34+02:00
new mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2025-6927
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T397595
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165118 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165119 (master)
+CVE-2025-6926
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T389010
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1165164 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165090 (REL1_39)
+CVE-2025-6597
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T389009
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165116 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165088 (REL1_39)
+CVE-2025-6596
+ - mediawiki 1:1.43.3+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Introduced in 1.40)
+ [bullseye] - mediawiki <not-affected> (Introduced in 1.40)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T396685
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/1165107 (master)
+CVE-2025-6595
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T394863
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165106 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1165144 (REL1_39)
+CVE-2025-6594
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T395063
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165115 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165087 (REL1_39)
+CVE-2025-6593
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T396230
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165114 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165086 (REL1_39)
+CVE-2025-6592
+ - mediawiki 1:1.43.3+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Only affects 1.44 and later)
+ [bullseye] - mediawiki <not-affected> (Only affects 1.44 and later)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T391218
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1143146 (master)
+CVE-2025-6591
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T392276
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165113 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165085 (REL1_39)
+CVE-2025-6590
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T392746
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165112 (master)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165084 (REL1_39)
+CVE-2025-6589
+ - mediawiki 1:1.43.3+dfsg-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
+ NOTE: https://phabricator.wikimedia.org/T391343
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165111 (master)
CVE-2025-6687 (The Magic Buttons for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6686 (The Magic Buttons for Elementor plugin for WordPress is vulnerable to ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
--
+mediawiki (jmm)
+--
netty
--
nodejs
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04636165930eb7b0486dfc264a89b017b885685d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04636165930eb7b0486dfc264a89b017b885685d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250702/58e2f519/attachment.htm>
More information about the debian-security-tracker-commits
mailing list