[Git][security-tracker-team/security-tracker][master] Track fixed mediawiki issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 16 06:07:43 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce3bd854 by Salvatore Bonaccorso at 2021-12-16T07:07:08+01:00
Track fixed mediawiki issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -328,7 +328,7 @@ CVE-2021-45039
CVE-2021-45038 [Unauthorized users can access private wiki contents using rollback action]
RESERVED
{DSA-5021-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297574
@@ -694,28 +694,28 @@ CVE-2021-44859
CVE-2021-44858 [Unauthorized users can view contents of private wikis using various actions]
RESERVED
{DSA-5021-1 DLA-2847-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the content of arbitrary pages]
RESERVED
{DSA-5021-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <postponed> (Minor issue)
NOTE: https://phabricator.wikimedia.org/T271037
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
@@ -723,7 +723,7 @@ CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3bd854905d277c9eaa09851ee3255b9dd0245d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3bd854905d277c9eaa09851ee3255b9dd0245d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211216/94d1d102/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list