[Git][security-tracker-team/security-tracker][master] first batch of mediawiki issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 30 19:49:53 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35890f3e by Moritz Muehlenhoff at 2026-06-30T20:49:24+02:00
first batch of mediawiki issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,24 @@
+CVE-2026-58032 [mw.Api.getErrorMessage: Treat formatversion=1 as text]
+	- mediawiki <unfixed>
+	NOTE: https://phabricator.wikimedia.org/T426867
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306213 (main)
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306310 (REL1_43)
+CVE-2026-58033 [Exclude rev-deleted usernames from distinct authors query]
+	- mediawiki <unfixed>
+	NOTE: https://phabricator.wikimedia.org/T427235
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306212 (main)
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306309 (REL1_43)
+CVE-2026-58028 [Disallow user JS in pretty-print api.php responses]
+	- mediawiki <unfixed>
+	NOTE: http://phabricator.wikimedia.org/T422306
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306211 (main)
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306216 (main)
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306308 (REL1_43)
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306320 (REL1_43)
+CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate user conditions for user]
+	- mediawiki <not-affected> (Only affects 1.46 and later)
+	NOTE: https://phabricator.wikimedia.org/T425406
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (main)
 CVE-2026-13766
 	NOT-FOR-US: DBIx::QuickORM Perl module
 CVE-2026-57082



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35890f3e969bfed4d746f648b1a002c81bc59f2e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35890f3e969bfed4d746f648b1a002c81bc59f2e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/e8e3d7e1/attachment.htm>


More information about the debian-security-tracker-commits mailing list