[Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 20 22:37:30 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24e422c9 by Moritz Muehlenhoff at 2018-09-20T21:36:54Z
new mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9670,8 +9670,11 @@ CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceedi
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
-CVE-2018-13258
+CVE-2018-13258 [mediawiki: Tarball was missing .htaccess files]
RESERVED
+ - mediawiki <not-affected> (Affected upstream tarball was never used)
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T199029
CVE-2018-13257
RESERVED
CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or ...)
@@ -46264,12 +46267,21 @@ CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Se
NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Nootka
-CVE-2018-0505
+CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
RESERVED
-CVE-2018-0504
+ - mediawiki <unfixed>
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T194605
+CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
RESERVED
-CVE-2018-0503
+ - mediawiki <unfixed>
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T187638
+CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
RESERVED
+ - mediawiki <unfixed>
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! script ...)
- zsh 5.6-1 (bug #908000)
[stretch] - zsh <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -52,6 +52,8 @@ mariadb-10.1/stable
including some other changes -> Needs review if suitable to include via
security upload or need an SRM ack first.
--
+mediawiki (jmm)
+--
mercurial
--
mosquitto (seb)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180920/5b9e5ccc/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list