FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.11
mediawiki138 < 1.38.7
mediawiki139 < 1.39.4

Details

VuXML ID 95dad123-180e-11ee-86ba-080027eda32c
Discovery 2023-04-21
Entry 2023-07-01

MediaWiki reports:

(T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.

(T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.

(T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message use.

References

CVE Name CVE-2023-29197
CVE Name CVE-2023-36674
CVE Name CVE-2023-36675
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/