[Git][security-tracker-team/security-tracker][master] Add initial tracking for four CVEs for mediawiki
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 24 09:31:43 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c865fcd by Salvatore Bonaccorso at 2021-12-24T10:31:15+01:00
Add initial tracking for four CVEs for mediawiki
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,24 @@
CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
+ NOTE: https://phabricator.wikimedia.org/T296605
+ TODO: check, fixing versions
CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
+ NOTE: https://phabricator.wikimedia.org/T294693
+ TODO: check, fixing versions
CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
+ NOTE: https://phabricator.wikimedia.org/T297570
+ TODO: check, fixing versions
CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
+ NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
+ NOTE: https://phabricator.wikimedia.org/T296578
+ TODO: check, fixing versions
CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
NOT-FOR-US: cve-search
CVE-2021-4161
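Review bot: The entries for CVE-2021-45474, CVE-2021-45473 and CVE-2021-45472 attribute the issue to "- mediawiki <unfixed>", but their descriptions point at Special:ImportFile and Wikibase, so it is worth confirming that the affected code is actually part of the mediawiki source package before keeping that line. If it lives in a separately distributed extension, the entry should not be attributed to that package. All four entries also keep "TODO: check, fixing versions", so the <unfixed> status is provisional: once the Gerrit changes in the NOTE lines are mapped to releases, record the fixed version and drop the TODO.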
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c865fcdcc8b8e43927739586e37f052c75fcc78