[Git][security-tracker-team/security-tracker][master] fixup CVE-2020-25869 vs CVE-2020-25689, Phab task got fixed with the correct ID

Moritz Muehlenhoff jmm at debian.org
Mon Sep 28 14:18:43 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c4b9540 by Moritz Muehlenhoff at 2020-09-28T15:17:55+02:00
fixup CVE-2020-25869 vs CVE-2020-25689, Phab task got fixed with the correct ID

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -527,8 +527,11 @@ CVE-2020-25871
 CVE-2020-25870
 	RESERVED
 CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
-	TODO: check
-	NOTE: Typo/mixup in CVE assignment with CVE-2020-25689, clarifying
+	NOT-FOR-US: CentralAuth MediaWiki extension
+	NOTE: The extension requires some new infrastructure code which was added to the
+	NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
+	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+	NOTE: https://phabricator.wikimedia.org/T260485
 CVE-2020-25868
 	RESERVED
 CVE-2020-25867
@@ -953,12 +956,6 @@ CVE-2020-25690
 	RESERVED
 CVE-2020-25689
 	RESERVED
-	{DSA-4767-1}
-	NOT-FOR-US: CentralAuth MediaWiki extension
-	NOTE: The extension requires some new infrastructure code which was added to the
-	NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
-	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
-	NOTE: https://phabricator.wikimedia.org/T260485
 CVE-2020-25688
 	RESERVED
 CVE-2020-25687


=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
 [25 Sep 2020] DSA-4767-1 mediawiki - security update
-	{CVE-2020-15005 CVE-2020-17367 CVE-2020-17368 CVE-2020-25689 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828}
+	{CVE-2020-15005 CVE-2020-17367 CVE-2020-17368 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828}
 	[buster] - mediawiki 1:1.31.10-1~deb10u1
 [24 Sep 2020] DSA-4766-1 rails - security update
 	{CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-15169}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c4b954022481ab8deef016c9941eb1393a156a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c4b954022481ab8deef016c9941eb1393a156a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200928/682137b3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list