[Git][security-tracker-team/security-tracker][master] new mediawiki issues

Moritz Muehlenhoff jmm at debian.org
Thu Mar 26 22:34:55 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
697f55e9 by Moritz Muehlenhoff at 2020-03-26T23:34:36+01:00
new mediawiki issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,10 +14,17 @@ CVE-2020-10962
 	RESERVED
 CVE-2020-10961
 	RESERVED
-CVE-2020-10960
+CVE-2020-10960 [mediawiki: makeCollapsible allows applying event handler to any CSS selector]
 	RESERVED
-CVE-2020-10959
+	- mediawiki <unfixed>
+	[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+	NOTE: https://phabricator.wikimedia.org/T246602
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
+CVE-2020-10959 [mediawiki: User content can redirect the logout button to different URL]
 	RESERVED
+	- mediawiki <not-affected> (Vulnerable code introduced later)
+	NOTE: https://phabricator.wikimedia.org/T232932
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
 CVE-2020-10958
 	RESERVED
 CVE-2020-10957


=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ libopenmpt
 linux (carnil)
   Wait until more issues have piled up
 --
+mediawiki (jmm)
+--
 mercurial/oldstable
 --
 netkit-telnet



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/697f55e97774097ad9f2869c54e69958a81fed51

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/697f55e97774097ad9f2869c54e69958a81fed51
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/1f8e3d85/attachment.html>


More information about the debian-security-tracker-commits mailing list