[Git][security-tracker-team/security-tracker][master] add mw short descriptions, two issues n/a for buster/stretch

Moritz Muehlenhoff jmm at debian.org
Fri Dec 18 07:45:18 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dd057f6 by Moritz Muehlenhoff at 2020-12-18T08:44:43+01:00
add mw short descriptions, two issues n/a for buster/stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,31 +144,41 @@ CVE-2020-35482
 	RESERVED
 CVE-2020-35481
 	RESERVED
-CVE-2020-35480
+CVE-2020-35480 [Divergent behavior for contributions and user pages of hidden users and missing users]
 	RESERVED
 	- mediawiki 1:1.35.1-1
 	NOTE: https://phabricator.wikimedia.org/T120883
-CVE-2020-35479
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35479 [BlockLogFormatter can output raw html]
 	RESERVED
 	- mediawiki 1:1.35.1-1
 	NOTE: https://phabricator.wikimedia.org/T268938
-CVE-2020-35478
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35478 [BlockLogFormatter can output raw html]
 	RESERVED
 	- mediawiki 1:1.35.1-1
+	[buster] - mediawiki <not-affected> (Introduced in 1.33)
+	[stretch] - mediawiki <not-affected> (Introduced in 1.33)
 	NOTE: https://phabricator.wikimedia.org/T268938
-CVE-2020-35477
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35477 [Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage]
 	RESERVED
 	- mediawiki 1:1.35.1-1
 	NOTE: https://phabricator.wikimedia.org/T205908
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
 CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
 	NOT-FOR-US: OpenTSDB
-CVE-2020-35475
+CVE-2020-35475 [Messages userrights-expiry-current and userrights-expiry-none can contain raw html]
 	RESERVED
 	- mediawiki 1:1.35.1-1
-CVE-2020-35474
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35474 [Message recentchanges-legend-watchlistexpiry can contain raw html]
 	RESERVED
 	- mediawiki 1:1.35.1-1
+	[buster] - mediawiki <not-affected> (Introduced in 1.35)
+	[stretch] - mediawiki <not-affected> (Introduced in 1.35)
 	NOTE: https://phabricator.wikimedia.org/T268894
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
 CVE-2020-35473
 	RESERVED
 CVE-2020-35472
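Review bot: CVE-2020-35479 and CVE-2020-35478 now carry the identical description "BlockLogFormatter can output raw html" and the same Phabricator task T268938, yet only CVE-2020-35478 is marked not-affected for buster and stretch (Introduced in 1.33). As written, nothing in the two entries tells a reader how the IDs differ or why the older suites are affected by one and not the other. Consider making the bracketed descriptions distinct, or adding a NOTE on CVE-2020-35479 that states what differs. Separately, CVE-2020-35475 is the only MediaWiki entry in this hunk without a phabricator.wikimedia.org NOTE, so its sole reference is the wikitech-l announcement; add the task link if one exists.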


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ linux (carnil)
 lxml
   Regression when running under Python 2
 --
+mediawiki (jmm)
+--
 netty
 --
 php-pear (carnil)
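Review bot: the new "mediawiki (jmm)" entry has no note line, while the same commit marks two of the MediaWiki CVEs as not-affected for buster and stretch in data/CVE/list. A short indented note under the entry, in the style of the lxml one above it, saying which issues the DSA is expected to cover would save the next reader from cross-checking the CVE list.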



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dd057f628ed05a72c5ee474532cfadac3f1fab9
