Category Archives: Advisories

mediawiki-1.37.4-1.fc36

Read Time:1 Minute, 53 Second

FEDORA-2022-f83aec6d57

Packages in this update:

mediawiki-1.37.4-1.fc36

Update description:

MediaWiki 1.37.4

This is a maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.3

Localisation updates.
(T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
(T311559) SpecialListFiles: user parameter isn’t always present.
(T311561) ImageListPager: Don’t call htmlspecialchars() on null.
(T311920) SpecialBlockList: Prevent passing null to trim().
(T311921) SpecialUserrights: Don’t pass null to str_replace.
(T311570) SpecialWithoutInterwiki: Don’t pass null through to

Title::capitalize().

(T311574, T311576) SpecialLinkSearch: Don’t pass null through to the parser.
(T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.
(T296435, T297669) cache: Add four fields to LinkCache::getSelectFields.

MediaWiki 1.37.3

This is a security and maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.2

Localisation updates.
(T289879) Type hints for ArrayAccess and JsonSerializable.
(T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
Rebuilt vendor with composer 2.3.3.
Fix old_name in UserLogoutComplete hook.
(T289879) Address some deprecations for PHP 8.1.
(T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
(T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs

triggered.

(T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
(T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
(T308473) SECURITY: Escape contributions-title msg for use within page title.
(T311272) Call parent constructor of AddSite maintenance script first.
MediaWiki: Don’t eagerly initialize action name.
Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
(T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
(T289926) Avoid passing null to trim() in SkinTemplate.
(T311473) rollbackEdits: Pass user identity to RollbackPage.
(T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null.
(T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
(T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
(T281741) ChangeTags: Fix adding CSS classes for hidden tags.
(T296642) changetags: Fix management of a ‘0’ tag.
(T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
(T303033) Handle null in ChangeTags::modifyDisplayQuery.
Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.

Read More

mediawiki-1.38.2-1.fc37

Read Time:1 Minute, 0 Second

FEDORA-2022-bca2c95559

Packages in this update:

mediawiki-1.38.2-1.fc37

Update description:

MediaWiki 1.38.2

This is a security and maintenance release of the MediaWiki 1.38 branch.
Changes since MediaWiki 1.38.1

Localisation updates.
(T309426) Repair language selector for SVGs.
(T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
(T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
(T308473) SECURITY: Escape contributions-title msg for use within page title.
(T311272) Call parent constructor of AddSite maintenance script first.
MediaWiki: Don’t eagerly initialize action name.
(T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
(T289926) Avoid passing null to trim() in SkinTemplate.
(T289879) Address deprecations for PHP 8.1.
(T311473) rollbackEdits: Pass user identity to RollbackPage.
Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null.
(T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
(T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
(T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.

Read More

CVE-2020-27784

Read Time:12 Second

A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

Read More