Package: mediawiki / 1:1.35.13-1+deb11u2

Metadata

Package: mediawiki
Version: 1:1.35.13-1+deb11u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description

0001 Have Scribunto use packaged lua5.1 rather than bundl.patch

 extensions/Scribunto/extension.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 Have Scribunto use packaged lua5.1 rather than bundled

0002 SECURITY Limit subpages displayed on Special MovePag.patch

 includes/specials/SpecialMovepage.php | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

 [PATCH] SECURITY: Limit subpages displayed on Special:MovePage form

CVE-2024-PENDING

Why:
* Special:MovePage shows the list of subpages for the page
  provided before the user submits the form.
* There is currently no limit on the number of subpages shown
  and as such loading the move page for a page with tens of
  thousands of subpages causes request timeouts when trying
  to generate the link HTML for each subpage.
* Special:MovePage does not need to display all the subpages
  and can limit the list to wgMaximumMovedPages subpages as
  the user who submits the form would only move that many
  subpages if they specified to move these subpages.
* A user wanting to find the full list can use
  Special:PrefixIndex, which provides paging.

What:
* Provide a $limit to Title::getSubpages for both calls in
  SpecialMovePage::showSubpages. $limit is defined as
  $wgMaximumMovedPages plus 1, where the extra subpage is
  used to determine if the results were truncated similar to
  IndexPager.
* Because i18n modifications in security patches are to be
  strongly avoided, hard code the message shown when the
  list of subpages is truncated. This should be replaced with
  an actual message key when this is publicly uploaded to
  Gerrit.

Bug: T357760