[Git][security-tracker-team/security-tracker][master] four issues are for mediawiki extensions not included in the core set shipped by mw releases
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 24 10:51:37 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c644582 by Moritz Muehlenhoff at 2021-12-24T11:50:48+01:00
four issues are for mediawiki extensions not included in the core set shipped by mw releases
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,24 +1,20 @@
CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
- - mediawiki <unfixed>
+ NOT-FOR-US: FileImporter MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
NOTE: https://phabricator.wikimedia.org/T296605
- TODO: check, fixing versions
CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
- - mediawiki <unfixed>
+ NOT-FOR-US: WikiBase MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
NOTE: https://phabricator.wikimedia.org/T294693
- TODO: check, fixing versions
CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
- - mediawiki <unfixed>
+ NOT-FOR-US: WikiBase MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
NOTE: https://phabricator.wikimedia.org/T297570
- TODO: check, fixing versions
CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
- - mediawiki <unfixed>
+ NOT-FOR-US: EntitySchema MediaWiki extension
NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
NOTE: https://phabricator.wikimedia.org/T296578
- TODO: check, fixing versions
CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
NOT-FOR-US: cve-search
CVE-2021-4161
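Review bot: In the added lines for CVE-2021-45473 and CVE-2021-45472 the extension is spelled "WikiBase", while the CVE descriptions directly above each of them spell it "Wikibase"; suggest "NOT-FOR-US: Wikibase MediaWiki extension" so the reason string matches the name used in the descriptions and a search for one spelling finds both entries. Separately, the NOTE lines with the gerrit and phabricator links stay under all four entries even though the TODO lines were removed, whereas the existing NOT-FOR-US entry for CVE-2021-45470 carries none. Either drop them for consistency or keep them deliberately as a pointer in case one of these extensions is packaged later.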
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c644582e5b9f814e9b5b5b6bb9cd64fc54e3a0e