This Debian security advisory addresses multiple vulnerabilities (CVE-2026-34086 through CVE-2026-34095 and CVE-2026-5266) in MediaWiki that could lead to information disclosure or incomplete permission checks. For Debian oldstable (bookworm), the issues are fixed in version 1:1.39.17-1+deb12u2, and for stable (trixie), in version 1:1.43.8+dfsg-1~deb13u1. The advisory recommends upgrading the mediawiki packages to these specific versions.
[SECURITY] [DSA 6208-1] mediawiki security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6208-1] mediawiki security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Sun, 12 Apr 2026 09:37:22 +0000 Message-id : < [🔎] adtn0iMohoUQ0icf@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6208-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 12, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mediawiki CVE ID : CVE-2026-34086 CVE-2026-34087 CVE-2026-34088 CVE-2026-34091 CVE-2026-34092 CVE-2026-34093 CVE-2026-34094 CVE-2026-34095 CVE-2026-5266 Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure or incomplete permission checks. For the oldstable distribution (bookworm), these problems have been fixed in version 1:1.39.17-1+deb12u2. For the stable distribution (trixie), these problems have been fixed in version 1:1.43.8+dfsg-1~deb13u1. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnbZrgACgkQEMKTtsN8 TjZUSg//Vvv54Pq1HnUCIrOIiaO1rSael/enl1PpexKQS8mRZYwuk0UX+6Ukaw2D 26LHCFPLrnBcYEolHx8LXCkI4dnAkCfPrHbnCGzJqnzIFDsfyRCOofQGOhobxMnK ZK4WuaTopCXHy7EuaDxYvDDGZwfY/Z4VcDJ2Naj4jazomVvDZqwOmsHZL2zYqXft 4nek8e+znbcACYhjWf7BkUoO95XU1czNJYe5TcJ8h4Nz8R+mlXpq9Ko08p0jz5DA rNsW5P7esWF2/AmV9evcqyVnMsZy8T56lvm3CtV3w7DQi0X+EkaJ7oZPpUe/HNCU HzHhnEkL0Uxs7PuQXkMKw4JYRsBeVVOFJ8lhZ7gGpqf850qYPSkZBwWWQz8OwGUH TgO89EzT3HixDh674hOGL/NgP/MoxwOdc71ThB8T6AjCUlSNmh7WW1AAis1JaqRG R6P8DRzTJ81p7PxlU8BHDvljTbm3GoqaxA0ckz/skEC5sPUU+MJkim9PycMBqxAZ 5GjSwf0QI3+A0Pg9yk7UvphCnhUHNc5/lQCsRelZhjA60PPMpI99YB8XMgPMam4j H3uqtPNnvEF63EACxvC/y6LwGG/I6QHgDnRLv8+hUfYh6anOs23N5pIcELTvGR5R VwgHsQ8hB7E1WYfpzEZMFtjuWpNdq5+jvRh9DJNROjZ3P7KD644= =sYi7 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6207-1] flatpak security update Previous by thread: [SECURITY] [DSA 6207-1] flatpak security update Index(es): Date Thread