[Git][security-tracker-team/security-tracker][master] remaining mediawiki issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 3 12:14:58 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b22269d by Moritz Mühlenhoff at 2026-04-03T13:14:38+02:00
remaining mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,25 +85,56 @@ CVE-2023-7343 (HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 c
TODO: check
CVE-2022-4986 (Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial ...)
TODO: check
+CVE-2026-5266
+ - mediawiki 1:1.43.8+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Vulnerable code not present, Echo not yet bundled)
+ [bullseye] - mediawiki <not-affected> (Vulnerable code not present, Echo not yet bundled)
+ NOTE: http://phabricator.wikimedia.org/T420154
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Echo/+/1265622 (REL1_43)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Echo/+/1265608 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34095
+ - mediawiki 1:1.43.8+dfsg-1
+ NOTE: http://phabricator.wikimedia.org/T419192
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265669 (REL1_43)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265642 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34089
+ - mediawiki <not-affected> (Vulnerable code not present, introduced past 1.43)
+ NOTE: https://phabricator.wikimedia.org/T419168
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1265609 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
+CVE-2026-34094
+ - mediawiki 1:1.43.8+dfsg-1
+ [bookworm] - mediawiki <not-affected> (Vulnerable code not present)
+ [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T416090
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265668 (REL1_43)
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265641 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34086
- mediawiki 1:1.43.8+dfsg-1
NOTE: http://phabricator.wikimedia.org/T415584
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1265634 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1265611 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34093
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T414547
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265667 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265639 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34087
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T412061
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265614 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265610 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34090
- mediawiki <not-affected> (Vulnerable code not present, introduced past 1.43)
NOTE: https://phabricator.wikimedia.org/T411366
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/1240641 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34091
- mediawiki 1:1.43.8+dfsg-1
[bookworm] - mediawiki <not-affected> (Introduced in 1.42)
@@ -111,16 +142,19 @@ CVE-2026-34091
NOTE: https://phabricator.wikimedia.org/T411305
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265651 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265637 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34092
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T384147
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265652 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265638 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-34088
- mediawiki 1:1.43.8+dfsg-1
NOTE: https://phabricator.wikimedia.org/T410429
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265670 (REL1_43)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265640 (master)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/
CVE-2026-35535 (In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid ...)
- sudo 1.9.17p2-5 (bug #1130593)
[trixie] - sudo <no-dsa> (Minor issue, can be fixed in a point release)
=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ ceph
cpp-httplib (jmm)
Maintainer preparing updates, waiting for feedback on bookworm status
--
-dovecot
+dovecot (jmm)
Noah Meyerhans working on updates
--
frr
@@ -49,6 +49,8 @@ linux (carnil)
--
mbedtls/oldstable
--
+mediawiki (jmm)
+--
netty
--
nghttp2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b22269d65957e2f75462f13fe055c307c4cd2b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b22269d65957e2f75462f13fe055c307c4cd2b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/d72b76c8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list