File
websafe-kb/08-threat-intel/registry/advisories/mediawiki--0cd3c8cc6d.json

145 lines
16 KiB
JSON

{
"canonical_id": "mediawiki--0cd3c8cc6d",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] Security and maintenance release: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1",
"summary": "I would like to announce the release of MediaWiki 1.39.16, 1.43.6, 1.44.3\nand 1.45.1!\n\nThese releases serve as security and maintenance releases for these\nbranches.\n\nThe tarballs have already been uploaded as of this email, and the git tags\nwill be pushed shortly.\n\nA \"MediaWiki Extensions Security Release Supplement\" e-mail will follow\nthis one, covering security updates for non-bundled extensions.\n\nReports of bugs with PHP 8.0 to 8.5 support are particularly welcome, and\nfixes will be back-ported when possible. If you find issues that haven't\nbeen backported, please report these too, referring to the relevant\nsupported release.\n\nPHP 8.x workboards:\n* https://phabricator.wikimedia.org/tag/php_8.0_support/\n* https://phabricator.wikimedia.org/tag/php_8.1_support/\n* https://phabricator.wikimedia.org/tag/php_8.2_support/\n* https://phabricator.wikimedia.org/tag/php_8.3_support/\n* https://phabricator.wikimedia.org/tag/php_8.4_support/\n* https://phabricator.wikimedia.org/tag/php_8.5_support/\n\nAs a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,\nMediaWiki 1.40 became EOL in June 2024, MediaWiki 1.41 became EOL in\nDecember 2024 and MediaWiki 1.42 became EOL at the end of June 2025.\n\nMediaWiki 1.39 (the old LTS before 1.43) becomes EOL in December 2025,\nlater this month. It is strongly recommended to upgrade to 1.43 (the next\nLTS after 1.39), which will be supported until December 2027.\n\nA formal EOL email for MediaWiki 1.39 will come later this month. This is\nbecause as per our support policy, it is to be supported until the end of\nthe month, but we are not expecting any further changes to be made to the\nbranch.\n\nFor T401987/T401995, when using format=xml with the api, the xslt feature\nhas been disabled by default for all installations. If for some reason you\nneed it (modern browsers won't likely load the stylesheets anyway), you can\nturn it back on again by setting `$wgEnableUnsafeXsltOption = true;` in\nLocalSettings.php, but this functionality will be removed in 1.46, so you\nshould migrate any usages ahead of this removal occurring.\n\n== Security fixes ==\n\n* (T401987, T401995, CVE-2025-67484) SECURITY: Disable xslt option by\ndefault.\n* (T406639, CVE-2025-67477) SECURITY: Escape word-separator message in\nSpecial:ApiSandbox.\n* (T406664, CVE-2025-67475) SECURITY: Escape square brackets in autocomment\nlinks.\n* (T405859, CVE-2025-67476) SECURITY: Do not use importer's IP in case of\nexternal rev author.\n* (T385403, CVE-2025-67478) SECURITY: Always escape commas in mail\nencoded-words.\n* (T407131, CVE-2025-67479) SECURITY: Sanitizer: disallow underscore and\nwide underscore in data-* attribute names.\n* (T401053, CVE-2025-67480) SECURITY: Check read permissions in\nApiQueryRevisionsBase.\n* (T409226, CVE-2025-67483) SECURITY: mediawiki.page.preview: Escape\n'comma-separator' between multiple protection levels.\n* (T251032, CVE-2025-67481) SECURITY: Disallow 'style' attribute in\nclient-side messages (jqueryMsg).\n* (T408135, CVE-2025-67482) SECURITY: Lua segfault in unpack().\n\n== Links to all mentioned tasks ==\n* https://phabricator.wikimedia.org/T251032\n* https://phabricator.wikimedia.org/T385403\n* https://phabricator.wikimedia.org/T401053\n* https://phabricator.wikimedia.org/T401987\n* https://phabricator.wikimedia.org/T401995\n* https://phabricator.wikimedia.org/T405859\n* https://phabricator.wikimedia.org/T406639\n* https://phabricator.wikimedia.org/T406664\n* https://phabricator.wikimedia.org/T407131\n* https://phabricator.wikimedia.org/T408135\n* https://phabricator.wikimedia.org/T409226\n\n== Release notes ==\n\nFull release notes for 1.39.16:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_39/RELEASE-NOTES-1.39\nhttps://www.mediawiki.org/wiki/Release_notes/1.39\n\nFull release notes for 1.43.6:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_43/RELEASE-NOTES-1.43\nhttps://www.mediawiki.org/wiki/Release_notes/1.43\n\nFull release notes for 1.44.3:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_44/RELEASE-NOTES-1.44\nhttps://www.mediawiki.org/wiki/Release_notes/1.44\n\nFull release notes for 1.45.1:\nhttps://phabricator.wikimedia.org/diffusion/MW/browse/REL1_45/RELEASE-NOTES-1.45\nhttps://www.mediawiki.org/wiki/Release_notes/1.45\n\nFor information about how to upgrade, see\n<https://www.mediawiki.org/wiki/Manual:Upgrading>\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.16.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.16.zip\n\nPatch to previous version (1.39.15):\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.16.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.16.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.16.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.6.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.6.zip\n\nPatch to previous version (1.43.5):\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.6.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-core-1.43.6.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.43/mediawiki-1.43.6.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.3.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.3.zip\n\nPatch to previous version (1.44.2):\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.3.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.3.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.3.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.1.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.1.zip\n\nPatch to previous version (1.45.0):\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.patch.zip\n\nGPG signatures:\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-core-1.45.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.45/mediawiki-1.45.1.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html",
"published_at": "Wed, 10 Dec 2025 22:22:38 +0000",
"updated_at": "Wed, 10 Dec 2025 22:22:38 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/FOY6VXTBCCHIGYGSTQBPN3UFCL6CAX6Y/"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--0cd3c8cc6d--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--0cd3c8cc6d--workflow"
}
}