Advisories ยป MGASA-2022-0338

Updated mediawiki packages fix security vulnerability

Publication date: 16 Sep 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-29248 , CVE-2022-31042 , CVE-2022-31043 , CVE-2022-31090 , CVE-2022-31091

Description

Username is not escaped in the "welcomeuser" message (T308471).

Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues
(CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090,
CVE-2022-31091).
                

References

SRPMS

8/core