FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.7
mediawiki137 < 1.37.3
mediawiki138 < 1.38.2

Details

VuXML ID 5ab54ea0-fa94-11ec-996c-080027b24e86
Discovery 2022-05-16
Entry 2022-07-03

Mediawiki reports:

(T308471) Username is not escaped in the "welcomeuser" message.

(T308473) Username not escaped in the contributions-title message.

(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.

(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.

References

CVE Name CVE-2022-27776
CVE Name CVE-2022-29248
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/