Hi, mediawiki package has been updated recently for security update in stretch : old-sec: 1:1.27.7-1~deb9u4
But all our mediawiki servers failed with a blank page we have this error Exception encountered, of type "ParseError" [fdd9f60bf17425482b88d0fa] / ParseError from line 1813 of /usr/share/mediawiki/includes/user/User.php: syntax error, unexpected 'else' (T_ELSE) Backtrace: #0 [internal function]: AutoLoader::autoload(string) #1 /usr/share/mediawiki/includes/session/SessionBackend.php(125): spl_autoload_call(string) #2 /usr/share/mediawiki/includes/session/SessionManager.php(854): MediaWiki\Session\SessionBackend->__construct(MediaWiki\Session\SessionId, MediaWiki\Session\SessionInfo, CachedBagOStuff, MediaWiki\Logger\LegacyLogger, integer) #3 /usr/share/mediawiki/includes/session/SessionManager.php(301): MediaWiki\Session\SessionManager->getSessionFromInfo(MediaWiki\Session\SessionInfo, WebRequest) #4 /usr/share/mediawiki/includes/session/SessionManager.php(235): MediaWiki\Session\SessionManager->getEmptySessionInternal(WebRequest) #5 /usr/share/mediawiki/includes/session/SessionManager.php(185): MediaWiki\Session\SessionManager->getEmptySession(WebRequest) #6 /usr/share/mediawiki/includes/WebRequest.php(700): MediaWiki\Session\SessionManager->getSessionForRequest(WebRequest) #7 /usr/share/mediawiki/includes/session/SessionManager.php(121): WebRequest->getSession() #8 /usr/share/mediawiki/includes/Setup.php(747): MediaWiki\Session\SessionManager::getGlobalSession() #9 /usr/share/mediawiki/includes/WebStart.php(137): require_once(string) #10 /usr/share/mediawiki/index.php(40): require(string) #11 {main} Doing a rough mitigation by commenting one of the 'else' function in line 1813 of /usr/share/mediawiki/includes/user/User.php revert our wikis to a normal state. Is there a way to see which part of code has been modified in this particular security fix, in order to understand if there is a bug or it's just a local misconfiguration ? Regards -- Jean Louis Mas
smime.p7s
Description: Signature cryptographique S/MIME