
Accepted mediawiki 1:1.35.13-1+deb11u4 (source) into oldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Jul 2025 17:35:16 +0200
Source: mediawiki
Architecture: source
Version: 1:1.35.13-1+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 mediawiki (1:1.35.13-1+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-3469: XSS-via-i18n vulnerabilities during web page
     generation.
   * Fix CVE-2025-6590: Complete content leak of private wikis due to
     PasswordReset Wikitext injection in error message.
   * Fix CVE-2025-6591: HTML injection in API action=feedcontributions output
     from i18n message.
   * Fix CVE-2025-6593: "{{SITENAME}} registered email address has been
     changed" email sent to unverified email addresses.
   * Fix CVE-2025-6594: XSS in Special:ApiSandbox (User interaction required).
   * Fix CVE-2025-6595: Stored XSS through system messages in MultimediaViewer
   * Fix CVE-2025-6597: MediaWiki should not consider autocreation as login for
     the purposes of security reauthentication.
   * Fix CVE-2025-6926: SUL3 local login should not count for security
     reauthentication.
   * Fix CVE-2025-32072: HTML injection vulnerability in feed output from i18n
     message.
   * Fix CVE-2025-32696: Restriction bypass vulnerability.
   * Fix CVE-2025-32698: Improper enforcing of suppression restrictions in
     LogPager.php.
   * Fix CVE-2025-32699: Potential javascript injection attack enabled by
     Unicode normalization in Action API.
Checksums-Sha1:
 78ff4d68c60d833bdb20615ade1dc66dbd5d16df 2390 mediawiki_1.35.13-1+deb11u4.dsc
 d2996e9bacd4abbe7731d2366efa1d750e137573 114564 mediawiki_1.35.13-1+deb11u4.debian.tar.xz
 09578f5fbfc0e799d010ab0634ec5aee3d70c295 7782 mediawiki_1.35.13-1+deb11u4_amd64.buildinfo
Checksums-Sha256:
 e00414d99257b85b0aeb41ca0a77baf511067767be434e90211c9f4908bda667 2390 mediawiki_1.35.13-1+deb11u4.dsc
 17d323e5b9febf2e049d89accc563b42e37bd1e6065bc2a89b061f2389cd3ef3 114564 mediawiki_1.35.13-1+deb11u4.debian.tar.xz
 ca679681efe11ff82d75d4416770ec057fa655e539548855c4e445f3d39aa200 7782 mediawiki_1.35.13-1+deb11u4_amd64.buildinfo
Files:
 7b231c277da8cd98ad13018b8449d79a 2390 web optional mediawiki_1.35.13-1+deb11u4.dsc
 8593ba6107ead4e6c9b45e53cdac45da 114564 web optional mediawiki_1.35.13-1+deb11u4.debian.tar.xz
 e250ce7970c4b0001ab8b94cdfe5344e 7782 web optional mediawiki_1.35.13-1+deb11u4_amd64.buildinfo
