[Git][security-tracker-team/security-tracker][master] new mediawiki issues

Moritz Muehlenhoff jmm at debian.org
Thu Sep 20 22:37:30 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24e422c9 by Moritz Muehlenhoff at 2018-09-20T21:36:54Z
new mediawiki issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9670,8 +9670,11 @@ CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceedi
 	[jessie] - zsh <no-dsa> (Minor issue)
 	NOTE: https://www.zsh.org/mla/zsh-announce/136
 	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
-CVE-2018-13258
+CVE-2018-13258 [mediawiki: Tarball was missing .htaccess files]
 	RESERVED
+	- mediawiki <not-affected> (Affected upstream tarball was never used)
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+	NOTE: https://phabricator.wikimedia.org/T199029
 CVE-2018-13257
 	RESERVED
 CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or ...)
@@ -46264,12 +46267,21 @@ CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Se
 	NOT-FOR-US: FLET'S VIRUS CLEAR
 CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Nootka
-CVE-2018-0505
+CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
 	RESERVED
-CVE-2018-0504
+	- mediawiki <unfixed>
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+	NOTE: https://phabricator.wikimedia.org/T194605
+CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
 	RESERVED
-CVE-2018-0503
+	- mediawiki <unfixed>
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+	NOTE: https://phabricator.wikimedia.org/T187638
+CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
 	RESERVED
+	- mediawiki <unfixed>
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+	NOTE: https://phabricator.wikimedia.org/T169545
 CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! script ...)
 	- zsh 5.6-1 (bug #908000)
 	[stretch] - zsh <no-dsa> (Minor issue)


=====================================
data/dsa-needed.txt
=====================================
@@ -52,6 +52,8 @@ mariadb-10.1/stable
   including some other changes -> Needs review if suitable to include via
   security upload or need an SRM ack first.
 --
+mediawiki (jmm)
+--
 mercurial
 --
 mosquitto (seb)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180920/5b9e5ccc/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list