[Git][security-tracker-team/security-tracker][master] mediawiki fixed
Moritz Muehlenhoff
jmm at debian.org
Fri Apr 9 14:10:25 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9057ad25 by Moritz Muehlenhoff at 2021-04-09T15:09:42+02:00
mediawiki fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,8 @@ CVE-2021-30460
CVE-2021-30459
RESERVED
CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T279451
CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
NOT-FOR-US: Rust crate id-map
CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
@@ -722,27 +723,37 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup dat
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T272386
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T277009
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278058
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T276306
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270988
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278014
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
CVE-2021-30153
RESERVED
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270453
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270713
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/issues/4852
@@ -7190,6 +7201,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expre
CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
{DSA-4878-1 DLA-2600-1}
- pygments <unfixed> (bug #985574)
+ - mediawiki 1:1.35.2-1
NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
@@ -24618,6 +24630,7 @@ CVE-2021-20271 (A flaw was found in RPM's signature check functionality when rea
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
{DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
+ - mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
CVE-2021-20269 [incorrect permissions on kdump dmesg file]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210409/65d379e7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list