Information on source package mediawiki

Available versions

ReleaseVersion
wheezy (security)1:1.19.20+dfsg-0+deb7u3
stretch1:1.27.2-1
sid1:1.27.2-1

Open issues

BugwheezystretchsidDescription
TEMP-0000000-8B87A6vulnerablefixedfixedmediawiki issues from 1.26.3, 1.25.6 and 1.23.14
CVE-2017-0372vulnerablefixedfixed
CVE-2017-0371vulnerablefixedfixed
CVE-2017-0370vulnerablefixedfixed
CVE-2017-0369vulnerablefixedfixed
CVE-2017-0368vulnerablefixedfixed
CVE-2017-0366vulnerablefixedfixed
CVE-2017-0365vulnerablefixedfixed
CVE-2017-0364vulnerablefixedfixed
CVE-2017-0363vulnerablefixedfixed
CVE-2017-0362vulnerablefixedfixed
CVE-2017-0361vulnerablefixedfixed
CVE-2016-6337vulnerablefixedfixedMediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass ...
CVE-2016-6336vulnerablefixedfixedMediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...
CVE-2016-6335vulnerablefixedfixedMediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...
CVE-2016-6334vulnerablefixedfixedCross-site scripting (XSS) vulnerability in the ...
CVE-2016-6333vulnerablefixedfixedCross-site scripting (XSS) vulnerability in the CSS user subpage ...
CVE-2016-6332vulnerablefixedfixedMediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...
CVE-2016-6331vulnerablefixedfixedApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...
CVE-2015-8628vulnerable (no DSA)fixedfixedThe (1) Special:MyPage, (2) Special:MyTalk, (3) ...
CVE-2015-8627vulnerable (no DSA)fixedfixedMediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...
CVE-2015-8626vulnerable (no DSA)fixedfixedThe User::randomPassword function in MediaWiki before 1.23.12, 1.24.x ...
CVE-2015-8624vulnerable (no DSA)fixedfixedThe User::matchEditToken function in includes/User.php in MediaWiki ...
CVE-2015-8623vulnerable (no DSA)fixedfixedThe User::matchEditToken function in includes/User.php in MediaWiki ...
CVE-2015-8622vulnerable (no DSA)fixedfixedCross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, ...
CVE-2015-8005vulnerable (no DSA)fixedfixedMediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...
CVE-2015-8004vulnerable (no DSA)fixedfixedMediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...
CVE-2015-8003vulnerable (no DSA)fixedfixedMediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...
CVE-2015-8002vulnerable (no DSA)fixedfixedThe chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...
CVE-2015-8001vulnerable (no DSA)fixedfixedThe chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...
CVE-2015-6730vulnerable (no DSA)fixedfixedCross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...
CVE-2015-6728vulnerable (no DSA)fixedfixedThe ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, ...
CVE-2015-6727vulnerable (no DSA)fixedfixedThe Special:DeletedContributions page in MediaWiki before 1.23.10, ...
CVE-2015-2940vulnerablefixedfixedCross-site request forgery (CSRF) vulnerability in the CheckUser ...
CVE-2015-2939vulnerablefixedfixedCross-site scripting (XSS) vulnerability in the Scribunto extension ...
CVE-2015-2938vulnerablefixedfixedCross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...
CVE-2015-2937vulnerablefixedfixedMediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...
CVE-2015-2936vulnerablefixedfixedMediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password ...
CVE-2015-2935vulnerablefixedfixedMediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...
CVE-2015-2934vulnerablefixedfixedMediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...
CVE-2015-2933vulnerablefixedfixedCross-site scripting (XSS) vulnerability in the Html class in ...
CVE-2015-2932vulnerablefixedfixedIncomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x ...
CVE-2015-2931vulnerablefixedfixedIncomplete blacklist vulnerability in includes/upload/UploadBase.php ...
CVE-2013-7444vulnerable (no DSA)fixedfixedThe Special:Contributions page in MediaWiki before 1.22.0 allows ...

Open unimportant issues

BugwheezystretchsidDescription
CVE-2015-2942vulnerablefixedfixedMediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...
CVE-2015-2941vulnerablefixedfixedCross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...
CVE-2014-1686vulnerablevulnerablevulnerable
CVE-2007-0894vulnerablevulnerablevulnerableMediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...

Resolved issues

BugDescription
CVE-2017-0367
CVE-2015-8625MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...
CVE-2015-6729Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...
CVE-2014-9507MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when ...
CVE-2014-9476MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...
CVE-2014-9475Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...
CVE-2014-9277The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki ...
CVE-2014-9276Cross-site request forgery (CSRF) vulnerability in the ...
CVE-2014-7295The (1) Special:Preferences and (2) Special:UserLogin pages in ...
CVE-2014-7199Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, ...
CVE-2014-5243MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and ...
CVE-2014-5242Cross-site scripting (XSS) vulnerability in ...
CVE-2014-5241The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki ...
CVE-2014-3966Cross-site scripting (XSS) vulnerability in Special:PasswordReset in ...
CVE-2014-2853Cross-site scripting (XSS) vulnerability in ...
CVE-2014-2665includes/specials/SpecialChangePassword.php in MediaWiki before ...
CVE-2014-2244Cross-site scripting (XSS) vulnerability in the formatHTML function in ...
CVE-2014-2243includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x ...
CVE-2014-2242includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...
CVE-2014-1610MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x ...
CVE-2013-6472MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...
CVE-2013-6454Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...
CVE-2013-6453MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...
CVE-2013-6452Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...
CVE-2013-6451
CVE-2013-4572
CVE-2013-4568Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...
CVE-2013-4567Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...
CVE-2013-4303mediawiki XSS with IE6
CVE-2013-4302(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ...
CVE-2013-4301includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x ...
CVE-2013-2114Unrestricted file upload vulnerability in the chunk upload API in ...
CVE-2013-2032MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow ...
CVE-2013-2031MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote ...
CVE-2013-1951
CVE-2013-1818maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote ...
CVE-2013-1817mediawiki information disclosure in unblock API
CVE-2013-1816mediawiki insecure curl usage
CVE-2012-5391Session fixation vulnerability in Special:UserLogin in MediaWiki ...
CVE-2012-4885The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...
CVE-2012-4382Info leak in user blocks
CVE-2012-4381Passwords were stored in local DB even if auth systems like LDAP were used
CVE-2012-4380Insufficient API for account creation block
CVE-2012-4379CSRF
CVE-2012-4378DOM-based XSS
CVE-2012-4377[mediawiki stored XSS
CVE-2012-2698Cross-site scripting (XSS) vulnerability in the outputPage function in ...
CVE-2012-1582Cross-site scripting (XSS) vulnerability in the wikitext parser in ...
CVE-2012-1581MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak ...
CVE-2012-1580Cross-site request forgery (CSRF) vulnerability in Special:Upload in ...
CVE-2012-1579The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...
CVE-2012-1578Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2012-0046mediawiki info leak
CVE-2011-4361MediaWiki before 1.17.1 does not check for read permission before ...
CVE-2011-4360MediaWiki before 1.17.1 allows remote attackers to obtain the page ...
CVE-2011-1766includes/User.php in MediaWiki before 1.16.5, when ...
CVE-2011-1765Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, ...
CVE-2011-1587Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, ...
CVE-2011-1580The transwiki import functionality in MediaWiki before 1.16.3 does not ...
CVE-2011-1579The checkCss function in includes/Sanitizer.php in the wikitext parser ...
CVE-2011-1578Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, ...
CVE-2011-0537Multiple directory traversal vulnerabilities in (1) ...
CVE-2011-0047Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 ...
CVE-2011-0003MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...
CVE-2010-2789PHP remote file inclusion vulnerability in MediaWikiParserTest.php in ...
CVE-2010-2788Cross-site scripting (XSS) vulnerability in profileinfo.php in ...
CVE-2010-2787api.php in MediaWiki before 1.15.5 does not prevent use of public ...
CVE-2010-1648Cross-site request forgery (CSRF) vulnerability in the login interface ...
CVE-2010-1647Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...
CVE-2010-1190thumb.php in MediaWiki before 1.15.2, when used with ...
CVE-2010-1189MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...
CVE-2010-1150MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...
CVE-2009-4589Cross-site scripting (XSS) vulnerability in the Special:Block ...
CVE-2009-0737Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...
CVE-2008-5688MediaWiki 1.8.1, and other versions before 1.13.3, when the ...
CVE-2008-5687MediaWiki 1.11, and other versions before 1.13.3, does not properly ...
CVE-2008-5252Cross-site request forgery (CSRF) vulnerability in the Special:Import ...
CVE-2008-5250Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...
CVE-2008-5249Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...
CVE-2008-4408Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...
CVE-2008-1318Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...
CVE-2008-0460Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...
CVE-2007-4828Cross-site scripting (XSS) vulnerability in the API pretty-printing ...
CVE-2007-1055Cross-site scripting (XSS) vulnerability in the AJAX features in ...
CVE-2007-1054Cross-site scripting (XSS) vulnerability in the AJAX features in ...
CVE-2007-0788Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...
CVE-2007-0177Cross-site scripting (XSS) vulnerability in the AJAX module in ...
CVE-2006-2895Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...
CVE-2006-1498Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...
CVE-2006-0322Unspecified vulnerability the edit comment formatting functionality in ...
CVE-2005-4501MediaWiki before 1.5.4 uses a hard-coded "internal placeholder ...
CVE-2005-4031Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...
CVE-2005-3167Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...
CVE-2005-3166Unspecified vulnerability in "edit submission handling" for MediaWiki ...
CVE-2005-3165Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...
CVE-2005-2396Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...
CVE-2005-2215Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...
CVE-2005-1888Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...
CVE-2005-1245Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...
CVE-2005-0536Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...
CVE-2005-0535Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...
CVE-2005-0534Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...
CVE-2004-2187Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...
CVE-2004-2186SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...
CVE-2004-2185Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...
CVE-2004-2152Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...
CVE-2004-1405MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...

Security announcements

DSA / DLADescription
DSA-3110-1mediawiki - security update
DSA-3100-1mediawiki - security update
DSA-3046-1mediawiki - security update
DSA-3036-1mediawiki - security update
DSA-3011-1mediawiki - security update
DSA-2957-1mediawiki - security update
DSA-2891-1mediawiki - security update
DSA-2753-1mediawiki - cross-site request forgery token disclosure
DSA-2753-1mediawiki - cross-site request forgery token disclosure
DSA-2366-1mediawiki - multiple
DSA-2366-1mediawiki - multiple
DSA-2041-1mediawiki - cross-site request forgery
DSA-2022-1mediawiki - several vulnerabilities

Search for package or bug name: Reporting problems