TEMP-0000000-519C2D

NameTEMP-0000000-519C2D
Descriptionmediawiki: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mediawiki (PTS)stretch (security)1:1.27.7-1+deb9u11vulnerable
stretch (lts), stretch1:1.27.7-1+deb9u13vulnerable
buster1:1.31.16-1+deb10u2vulnerable
buster (security)1:1.31.16-1+deb10u8fixed
bullseye1:1.35.13-1~deb11u1vulnerable
bullseye (security)1:1.35.13-1+deb11u2fixed
bookworm1:1.39.5-1~deb12u1vulnerable
bookworm (security)1:1.39.7-1~deb12u1fixed
trixie, sid1:1.39.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mediawikisourcestretch(unfixed)end-of-life
mediawikisourcebuster1:1.31.16-1+deb10u8
mediawikisourcebullseye1:1.35.13-1+deb11u2
mediawikisourcebookworm1:1.39.7-1~deb12u1
mediawikisource(unstable)1:1.39.7-1

Notes

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
https://phabricator.wikimedia.org/T357760
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423
Search for package or bug name: Reporting problems