[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: CVE-2020-15005/mediawiki will be fixed
Roberto C. Sánchez
roberto at debian.org
Wed Dec 23 01:30:10 GMT 2020
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82a98030 by Roberto C. Sánchez at 2020-12-22T20:11:54-05:00
LTS: CVE-2020-15005/mediawiki will be fixed
- - - - -
ffc529a3 by Roberto C. Sánchez at 2020-12-22T20:29:56-05:00
Reserve DLA-2504-1 for mediawiki
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -41021,7 +41021,6 @@ CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG do
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
{DSA-4767-1}
- mediawiki 1:1.31.8-1
- [stretch] - mediawiki <postponed> (Minor issue)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
NOT-FOR-US: Open-Xchange App Suite
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Dec 2020] DLA-2504-1 mediawiki - security update
+ {CVE-2020-15005 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u7
[22 Dec 2020] DLA-2412-2 openjdk-8 - regression update
[stretch] - openjdk-8 8u275-b01-1~deb9u1
[21 Dec 2020] DLA-2503-1 node-ini - security update
=====================================
data/dla-needed.txt
=====================================
@@ -91,8 +91,6 @@ mariadb-10.1 (Adrian Bunk)
NOTE: 20201207: still ongoing (bunk)
NOTE: 20201220: debugging test failure in local build (bunk)
--
-mediawiki (Roberto C. Sánchez)
---
mumble
NOTE: 20200325: Regression in last upload, forgot to follow up.
NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45060b59935ed05698d9d6ab7bb2bfe4e014be4c...ffc529a3709ee9860c8640dc796bbfff4f9029c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45060b59935ed05698d9d6ab7bb2bfe4e014be4c...ffc529a3709ee9860c8640dc796bbfff4f9029c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201223/f120a0b6/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list