Debian Mediawiki vulnerabilities
304 known vulnerabilities affecting debian/mediawiki.
Total CVEs: 304
CISA KEV: 0
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 47, MEDIUM 133, LOW 94, UNKNOWN 6
Vulnerabilities
Page 10 of 16
CVE-2015-2940 (severity MEDIUM; CVSS 6.8; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 1:1.19.20+dfsg-2.3)
bullseye: resolved (fixed in 1:1.19.20+dfsg-2.3)
forky: resolved (
CVE-2015-6727 (severity MEDIUM; CVSS 5.0; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
Scope: local
bookworm: resolved (fixed in 1:1.25.5-1)
bullseye: resolved (fixed in 1:1.25.5-1)
forky: resolved (fixed in 1:1.25.5-1)
sid: resolved (fixed in 1:1.2
CVE-2015-8004 (severity MEDIUM; CVSS 4.0; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.
Scope: local
bookworm: resolved (fixed in 1:1.25.5-1)
bullseye:
CVE-2015-2932 (severity MEDIUM; CVSS 4.3; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
Scope: local
bookworm: resolved (fixed in 1:1.19.20+dfsg-2.3)
bullseye: resolved (fixed in 1:1.19.20+dfsg-2.3)
forky: resolved (fixed in 1:1.19.20+dfsg-2.3)
s
CVE-2015-2934 (severity MEDIUM; CVSS 4.3; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.
Scope: local
bookworm: resolved (fixed in 1:1.19.20+dfsg-2.3)
bullseye: resolved (fixed in 1:1.19.20+dfsg-
CVE-2015-2933 (severity MEDIUM; CVSS 4.3; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.
Scope: local
bookworm: resolved (fixed in 1:1.19.20+dfsg-2.3)
bullseye: resolved (fixed in 1:1.
CVE-2015-2939 (severity MEDIUM; CVSS 4.3; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.
Scope: local
bookworm: resolved (fixed in 1:1.19.20+dfsg-2.3)
bullseye: resolved (fixed in 1:1.19.20+dfsg-2.3)
forky: resolved (fixed in 1:1.19.
CVE-2015-8625 (severity LOW, tagged [HIGH]; CVSS 7.5; 2015)
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trix
CVE-2015-8627 (severity LOW, tagged [MEDIUM]; CVSS 5.3; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
Scope: local
bookworm: resolved (fixed in 1:1.25.5-1)
bullse
CVE-2015-8622 (severity LOW, tagged [MEDIUM]; CVSS 6.1; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."
Scope: local
bookworm: re
CVE-2015-8624 (severity LOW, tagged [HIGH]; CVSS 8.8; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a
CVE-2015-6729 (severity LOW, tagged [MEDIUM]; CVSS 4.3; 2015)
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2015-2942 (severity LOW, tagged [HIGH]; CVSS 7.1; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
Scope: local
bookwo
CVE-2015-2941 (severity LOW, tagged [MEDIUM]; CVSS 4.3; 2015): fixed in mediawiki 1:1.19.20+dfsg-2.3 (bookworm)
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.
Scope: l
CVE-2015-8628 (severity LOW, tagged [MEDIUM]; CVSS 5.3; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
Scope: local
book
CVE-2015-8001 (severity LOW; CVSS 3.5; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
Scope: local
bookworm: resolved (fixed in 1:1.25.5-1)
bullseye: resolved (fixed in 1:1.
CVE-2015-8626 (severity LOW, tagged [CRITICAL]; CVSS 9.8; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
Scope: local
bookworm: resolved (fixed in 1:1.25.5-1)
bullseye: resolved (fixed in 1:1.
CVE-2015-8623 (severity LOW, tagged [HIGH]; CVSS 8.8; 2015): fixed in mediawiki 1:1.25.5-1 (bookworm)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
Scope: local
bookworm: resolved (fixed in 1
CVE-2014-9277 (severity HIGH; CVSS 7.5; 2014): fixed in mediawiki 1:1.19.20+dfsg-2.1 (bookworm)
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length to change when converting the request to .
Scope: local
bookworm: reso
CVE-2014-5241 (severity MEDIUM; CVSS 6.8; 2014): fixed in mediawiki 1:1.19.18+dfsg-0.1 (bookworm)
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a