MGASA-2022-0338

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0338.html

Import Source

https://advisories.mageia.org/MGASA-2022-0338.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0338

Related

Published

2022-09-16T19:39:55Z

Modified

2022-09-16T18:44:57Z

Summary

Updated mediawiki packages fix security vulnerability

Details

Username is not escaped in the "welcomeuser" message (T308471).

Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues (CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / mediawiki

Package

Name: mediawiki
Purl: pkg:rpm/mageia/mediawiki?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.35.7-1.mga8

Ecosystem specific

{
    "section": "core"
}