[Git][security-tracker-team/security-tracker][master] mediawiki DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Dec 15 19:46:03 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d76508e0 by Moritz Mühlenhoff at 2021-12-15T20:45:36+01:00
mediawiki DSA
take mediawiki for DLA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -679,6 +679,7 @@ CVE-2021-44859
CVE-2021-44858 [Unauthorized users can view contents of private wikis using various actions]
RESERVED
- mediawiki <unfixed>
+ [buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the content of arbitrary pages]
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2021] DSA-5021-1 mediawiki - security update
+ {CVE-2021-44857 CVE-2021-44858 CVE-2021-45038}
+ [bullseye] - mediawiki 1:1.35.4-1+deb11u2
[11 Dec 2021] DSA-5020-1 apache-log4j2 - security update
{CVE-2021-44228}
[buster] - apache-log4j2 2.15.0-1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -59,6 +59,8 @@ linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
+mediawiki (jmm)
+--
nvidia-graphics-drivers (Markus Koschany)
NOTE: package is in non-free but also in packages-to-support
NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76508e00f7075b606a503d2df94c59c905c1a57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76508e00f7075b606a503d2df94c59c905c1a57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211215/c2e6bbc7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list