{"id":"MGASA-2023-0241","summary":"Updated mediawiki packages fix security vulnerability","details":"guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP.\nAffected versions are subject to improper header parsing. An attacker\ncould sneak in a newline (\\n) into both the header names and values.\nWhile the specification states that \\r\\n\\r\\n is used to terminate the\nheader list, many servers in the wild will also accept \\n\\n\n(CVE-2023-29197).\n\nManualthumb bypasses badFile lookup (CVE-2023-36674).\n\nXSS in BlockLogFormatter due to unsafe message use (CVE-2023-36675).\n","modified":"2026-02-04T02:47:58.291336Z","published":"2023-07-26T22:07:49Z","related":["CVE-2023-29197","CVE-2023-36674","CVE-2023-36675"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0241.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32083"},{"type":"REPORT","url":"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/"}],"affected":[{"package":{"name":"mediawiki","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mediawiki?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.35.11-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0241.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}