{"id":"MGASA-2022-0338","summary":"Updated mediawiki packages fix security vulnerability","details":"Username is not escaped in the \"welcomeuser\" message (T308471).\n\nBundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues\n(CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090,\nCVE-2022-31091).\n","modified":"2026-04-16T04:43:15.253187905Z","published":"2022-09-16T19:39:55Z","upstream":["CVE-2022-29248","CVE-2022-31042","CVE-2022-31043","CVE-2022-31090","CVE-2022-31091"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0338.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30837"},{"type":"ADVISORY","url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3"},{"type":"ADVISORY","url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q"},{"type":"ADVISORY","url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9"},{"type":"ADVISORY","url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699"},{"type":"ADVISORY","url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r"},{"type":"WEB","url":"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.35.7-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0338.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}