22 matches found
[SECURITY] [DSA 5957-1] mediawiki security update
Debian Security Advisory DSA-5957-1 https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2025 https://www.debian.org/security/faq ...
MGASA-2022-0338 Updated mediawiki packages fix security vulnerability
Username is not escaped in the "welcomeuser" message T308471. Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091...
PT-2022-18873 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.37.x before 1.37.2 Description: A denial-of-service issue was discovered. The rendering of "w/index.php?title=Special:WhatLinksHere&target=Property:P31&namespace=1&invert=1" can take more than thirty seconds, posing a DDo...
[SECURITY] Fedora 33 Update: mediawiki-1.35.4-1.fc33
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
MGASA-2019-0279 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery CVE-2019-11358. An account can be logged out without using a token CSRF CVE-2019-12466. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them CVE-2019-12467. Directly...
Fedora 26 : mediawiki (2017-05cb6287b7)
https://www.mediawiki.org/wiki/Releasenotes/1.28 MediaWiki 1.28.1 Changes since 1.28.0 - $wgRunJobsAsync is now false by default T142751. This change only affects wikis with $wgJobRunRate 0. - Fix fatal from 'WaitConditionLoop' not being found, experienced when a wiki has more than one database...
[SECURITY] Fedora 23 Update: mediawiki-1.26.3-1.fc23
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...
MGASA-2016-0210 Updated mediawiki packages fix security vulnerability
The mediawiki package has been updated to version 1.23.14, which fixes multiple security issues and other bugs. See the release announcements for more details...
MGASA-2014-0506 Updated mediawiki packages fix security vulnerabilities
In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML CVE-2014-9276. MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from th...
Fedora 19 : mediawiki-1.23.2-1.fc19 (2014-9548)
This is a major update from the 1.21 branch to the 1.23 long term support branch. - bug 68187 SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241 - bug 66608 SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in JavaScript, instead of relying on the U...
MGASA-2014-0309 Updated mediawiki packages fix security vulnerabilities
MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash CVE-2014-5241, XSS in mediawiki.page.image.pagination.js CVE-2014-5242, and clickjacking between OutputPage and ParserOutput CVE-2014-5243. This update provides MediaWiki 1.23.2, fixing these and other issues...
MGASA-2014-0253 Updated mediawiki packages fix security vulnerability
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...
MGASA-2014-0157 Updated mediawiki packages fix CVE-2014-2665
Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attacker's account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...
Fedora 19 : mediawiki-1.21.6-1.fc19 (2014-3344)
bug 60771 SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace. - bug 61346 SECURITY: Make token comparison use constant time. It seems like our token...
MGASA-2014-0124 Updated mediawiki packages fix multiple vulnerabilities
Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files...
MGASA-2014-0113 Updated mediawiki packages fix security vulnerabilities
MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...
MGASA-2013-0226 Updated mediawiki packages fix security vulnerabilities
This update provides MediaWiki 1.20.6, fixing several unspecified security issues. This replaces the MediaWiki 1.16.5 version, which has been EOL upstream for quite some time now, that was shipped with Mageia 2. MediaWiki removed the Math extension for the 1.18 release, but it is now available...
Fedora 18 : mediawiki-1.19.4-2.fc18 (2013-3265)
Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features. The package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. See bug 845818. Read the main...
Fedora 17 : mediawiki-1.19.4-2.fc17 (2013-3227)
Bring mediawiki up to date to fix multiple bugs, security holes, and bring new features. The package should automatically attempt to upgrade your wiki, but please make sure to perform backups before updating. Special care may be required for MySQL based wikis. See bug 845818. Read the main...
Fedora 15 : mediawiki-1.16.4-58.fc15 (2011-5848)
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community. Further changes: - some simple wiki management functionality was added: - mw-createinstance creat...