Accepted mediawiki 1:1.31.16-1+deb10u7 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted mediawiki 1:1.31.16-1+deb10u7 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 28 Nov 2023 03:20:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: mediawiki_1.31.16-1+deb10u7_source.changes
- Debian-source: mediawiki
- Debian-suite: oldoldstable
- Debian-version: 1:1.31.16-1+deb10u7
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=fsEh/R6KB5Q1XKTU8AEjfleyaPkRfMyErwv+ro8ZriY=; b=cz7HI4V1EP3CbZ8It1LeU4SjDs zVOBhw2nTcVOkZ8reduCs3CPxndXrkuGRbg9YKtdlAQBuwQf5NvhsaekdEuo3VyWk9ZLK0j6yS7aY JF8Il1fu3bE8HpWqWjw3wKaGoOBx2Cd+fiiix64ISWKJgOccSC3XL1XxGQId1rOsFuclGsti5CKsg NsO9sAiDMRNg8hzfPpi0+VJzT+2gg4GwRgMNJcMs45snBhDgZWUXpE+Ckd40JtCfM8z87p3id4bdP tTjjo+74oO9NdUPro/eDMqwuSqs1Btl4zDy611DDP/VPihf+HezYNErLan7xbNTx9bcyJESL8fDXq 9Ab54U4w==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1r7oe3-007Ds7-DI@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Nov 2023 03:35:04 +0100
Source: mediawiki
Architecture: source
Version: 1:1.31.16-1+deb10u7
Distribution: buster-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
mediawiki (1:1.31.16-1+deb10u7) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2023-3550: Namespaces used in XML files are not validated, so
if the instance administrator allows XML file uploads, then a remote
attacker with a low-privileged user account can gain unprivileged access.
* Fix CVE-2023-45362: diff-multi-sameuser (aka “X intermediate revisions by
the same user not shown”) ignores username suppression, which is an
information leak.
* Fix CVE-2023-45363: denial of service vulnerability (unbounded loop and
RequestTimeoutException) when querying pages redirected to other variants
with redirects and converttitles set.
Checksums-Sha1:
8c864b0c782b46263b85147ce356c7562014ee20 2130 mediawiki_1.31.16-1+deb10u7.dsc
63aa3a84e9618307a6ad9a1a67a14e44385c5403 122364 mediawiki_1.31.16-1+deb10u7.debian.tar.xz
b6d3ac7b0df1f179c7b4a0b53ae102ac6bb5787d 6741 mediawiki_1.31.16-1+deb10u7_amd64.buildinfo
Checksums-Sha256:
5a11b50f1b1e66d5ac234499a2c34ba0bd581f1b13058de63070d85b3d1c9870 2130 mediawiki_1.31.16-1+deb10u7.dsc
2ce725e9bdde623c4b93bb15b0a0786d9601468faa9d8b0d4f19fc63c91bd129 122364 mediawiki_1.31.16-1+deb10u7.debian.tar.xz
608af6d00d4584bd5056f21ec70172f986fed4cdead7d844c3873a9754d7dc0d 6741 mediawiki_1.31.16-1+deb10u7_amd64.buildinfo
Files:
c5408339266f2263b3d22f019a377bed 2130 web optional mediawiki_1.31.16-1+deb10u7.dsc
e40673fe08cf57c06391df7fc2d3910c 122364 web optional mediawiki_1.31.16-1+deb10u7.debian.tar.xz
9da323102c53183d01a5cac1b08cee71 6741 web optional mediawiki_1.31.16-1+deb10u7_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmVlUy0ACgkQ05pJnDwh
pVKTbg//TzVPuD3Yc7leexfMHPeBvMCaZ3rO1opoio/VwiCAq4PO7RMaOJni4f78
zuW8OZr3kMRt5zxZ7sSZHWGNMeERAP1eRfQzIUQSZd2QXbI8es6+0l846u/jEUTh
NNFBPgqnFbUo97+UGaoacJT3cmHoJ+WZR4D40J/4ZOgh6kgsaP5YO57bPZVCa/zG
KKvHrH67Fk8zYO1i42lluBvK21ixt4oa4GKHyCsoouqP3MWyyMsN3X1QhRJL+vCC
1lnDVZL4oallFLbTYr1F9vIE0+ztj5DEFhGK+3giFJKTWIvXsOmvvcgYVtIJ6UCo
b6cs0pnM6/m0X2d03zEYo1+NZO4cthvmv/uMbX6hAqIDOPJlH9iBkC/5vWhuwJch
ZS9st+rnDuAgPuvN/ATJN0g2uaXObnhYV2wV4H2ZKer3KDqiHef4wn52eEhFnM6O
lt+Az+70D5Ol2diC9rM6Ki4P9yCEZKqMZ3qqWm+HtLAXNaaxzbioNbCMKQxiz/EC
1m4EYXa7VDzczf9OB2gFmV1Hlv9SqfJJ/FKRJxHM0spqTcN6JK5LOiNGhVf9phiE
vSbDY2pcOIAzYlO//4xiWm93dwkvF4jwgIma9ma08WKcdAl2sPMvRvWjlLDfqpOR
Hlh0kwZm/1q1rUT82EohGC6ChzKVSt3vsncTxKdld4dpGqMzEmM=
=rNzk
-----END PGP SIGNATURE-----