[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Mediawiki rule
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 14 13:37:08 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35dd65c7 by Moritz Muehlenhoff at 2026-01-14T14:35:33+01:00
auto-nfu: Extend Mediawiki rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -1762,7 +1762,7 @@ CVE-2026-22080 (This vulnerability exists in Tenda wireless routers (300Mbps Wir
CVE-2026-22079 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...)
NOT-FOR-US: Tenda
CVE-2026-0817 (Missing Authorization vulnerability in Wikimedia Foundation MediaWiki ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-0803 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...)
NOT-FOR-US: PHPGurukul
CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -1891,13 +1891,13 @@ CVE-2025-51602 [vlc MMS out of bounds read]
- vlc 3.0.22-1
NOTE: https://www.videolan.org/security/sb-vlc3022.html
CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-22713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-22712 (Improper Encoding or Escaping of Outputdue to magic word replacement i ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-22710 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-22636
REJECTED
CVE-2026-22635
=====================================
data/packages/nfu.yaml
=====================================
@@ -632,15 +632,20 @@
- product: MediaWiki GlobalBlocking extension
- product: MediaWiki PageForms extension
- product: MediaWiki WatchAnalytics extension
+ - product: Mediawiki - ApprovedRevs Extension
+ - product: MediaWiki - CampaignEvents extension
- product: MediaWiki - CSS extension
- product: Mediawiki - ExternalGuidance
+ - product: Mediawiki - GrowthExperiments Extension
- product: Mediawiki - LanguageSelector Extension
- product: Mediawiki - LastModified Extension
- product: Mediawiki - Lockdown Extension
+ - product: Mediawiki - Monaco Skin
- product: Mediawiki - PageTriage Extension
- product: MediaWiki - ProofreadPage Extension
- product: Mediawiki - Translate Extension
- product: MediaWiki - VisualData Extension
+ - product: Mediawiki - Wikibase Extension
- product: Mediawiki - WikiLambda Extension
- product: Mediawiki - WikiLove Extension
- product: Mediawiki - Wikistories
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35dd65c78fb8d223c2755801e4feda2de74c2446
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35dd65c78fb8d223c2755801e4feda2de74c2446
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260114/eb474197/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list