[Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 26 22:34:55 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
697f55e9 by Moritz Muehlenhoff at 2020-03-26T23:34:36+01:00
new mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14,10 +14,17 @@ CVE-2020-10962
RESERVED
CVE-2020-10961
RESERVED
-CVE-2020-10960
+CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to any CSS selector]
RESERVED
-CVE-2020-10959
+ - mediawiki <unfixed>
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://phabricator.wikimedia.org/T246602
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
+CVE-2020-10959 [mediawiki: User content can redirect the logout button to different URL]
RESERVED
+ - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://phabricator.wikimedia.org/T232932
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958
RESERVED
CVE-2020-10957
=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ libopenmpt
linux (carnil)
Wait until more issues have piled up
--
+mediawiki (jmm)
+--
mercurial/oldstable
--
netkit-telnet
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/697f55e97774097ad9f2869c54e69958a81fed51
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/697f55e97774097ad9f2869c54e69958a81fed51
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/1f8e3d85/attachment.html>
More information about the debian-security-tracker-commits
mailing list