[Secure-testing-commits] r36696 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 15 19:56:16 UTC 2015
Author: carnil
Date: 2015-09-15 19:56:16 +0000 (Tue, 15 Sep 2015)
New Revision: 36696
Modified:
data/CVE/list
Log:
Update information for CVE-2015-673{3,4}/mediawiki-extensions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-15 19:49:17 UTC (rev 36695)
+++ data/CVE/list 2015-09-15 19:56:16 UTC (rev 36696)
@@ -2242,19 +2242,11 @@
NOTE: https://phabricator.wikimedia.org/T100211
TODO: recheck after CVE assignment, in extension rather than mediawiki core
CVE-2015-6734 (Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the ...)
- - mediawiki <unfixed>
- [jessie] - mediawiki <no-dsa> (Minor issues)
- [wheezy] - mediawiki <no-dsa> (Minor issues)
- [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
+ - mediawiki-extensions <not-affected> (contrib directory not present)
NOTE: https://phabricator.wikimedia.org/T108198
- TODO: recheck after CVE assignment, in extension rather than mediawiki core
CVE-2015-6733 (GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki ...)
- - mediawiki <unfixed>
- [jessie] - mediawiki <no-dsa> (Minor issues)
- [wheezy] - mediawiki <no-dsa> (Minor issues)
- [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
+ - mediawiki-extensions <not-affected> (contrib directory not present)
NOTE: https://phabricator.wikimedia.org/T108198
- TODO: recheck after CVE assignment, in extension rather than mediawiki core
CVE-2015-6732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: SemanticForms extension for MediaWiki
NOTE: https://phabricator.wikimedia.org/T103391
More information about the Secure-testing-commits
mailing list