Debian Patches

Status for mediawiki/1:1.35.13-1+deb11u2

Patch: 0001-Have-Scribunto-use-packaged-lua5.1-rather-than-bundl.patch
Description: Have Scribunto use packaged lua5.1 rather than bundled
Author: Kunal Mehta <legoktm@debian.org>
Forwarded: not-needed
Bugs:
Origin:
Last update: 2020-07-31

Patch: 0002-SECURITY-Limit-subpages-displayed-on-Special-MovePag.patch
Description:
[PATCH] SECURITY: Limit subpages displayed on Special:MovePage form
CVE-2024-PENDING

Why:
* Special:MovePage shows the list of subpages for the page
  provided before the user submits the form.
* There is currently no limit on the number of subpages shown
  and as such loading the move page for a page with tens of
  thousands of subpages causes request timeouts when trying
  to generate the link HTML for each subpage.
* Special:MovePage does not need to display all the subpages
  and can limit the list to wgMaximumMovedPages subpages as
  the user who submits the form would only move that many
  subpages if they specified to move these subpages.
* A user wanting to find the full list can use
  Special:PrefixIndex which provides paging.

What:
* Provide a $limit to Title::getSubpages for both calls in
  SpecialMovePage::showSubpages. $limit is defined as
  $wgMaximumMovedPages plus 1, where the extra subpage is
  used to determine if the results were truncated similar to
  IndexPager.
* Because i18n modifications in security patches are to be
  strongly avoided, hard code the message shown when the
  list of subpages is truncated. This should be replaced with
  an actual message key when this is publicly uploaded to
  Gerrit.
Author: Dreamy Jazz <wpgbrown@wikimedia.org>
Forwarded: no
Bugs:
Origin: upstream
Last update: 2024-02-18
