[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2021-41800,CVE-2021-41801,mediawiki as not-affected for Stretch

Markus Koschany (@apo) apo at debian.org
Sat Oct 9 16:35:32 BST 2021



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a57854a by Markus Koschany at 2021-10-09T17:33:14+02:00
Mark CVE-2021-41800,CVE-2021-41801,mediawiki as not-affected for Stretch

The vulnerable code was introduced later

- - - - -
232ea563 by Markus Koschany at 2021-10-09T17:34:32+02:00
CVE-2021-35197,mediawiki: Remove postponed tag.

- - - - -
532839de by Markus Koschany at 2021-10-09T17:35:22+02:00
Reserve DLA-2779-1 for mediawiki

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -773,14 +773,17 @@ CVE-2021-41801
 	RESERVED
 	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
+	[stretch] - mediawiki <not-affected> (The vulnerable was introduced later)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T279090
 CVE-2021-41800
 	RESERVED
 	{DSA-4979-1}
 	- mediawiki 1:1.35.4-1
+	[stretch] - mediawiki <not-affected> (The vulnerable was introduced later)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 	NOTE: https://phabricator.wikimedia.org/T284419
+	NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
 CVE-2021-41799
 	RESERVED
 	{DSA-4979-1}
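Review bot: the two added `[stretch] - mediawiki <not-affected>` lines give the reason as "The vulnerable was introduced later", which drops the word "code" that the commit message has. Neither line names the upstream commit or release that introduced the vulnerable code, so the not-affected claim cannot be verified from the tracker entry alone. Suggest "(Vulnerable code introduced later)" plus a NOTE line pointing at the introducing change. The added "Fixed by" NOTE is attached only to CVE-2021-41800; if a fix commit is known for CVE-2021-41801, it should get the same kind of NOTE.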
@@ -16231,7 +16234,6 @@ CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3
 	- mediawiki 1:1.35.3-1
 	[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x release)
 	[buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x release)
-	[stretch] - mediawiki <postponed> (Minor issue, include in next update)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
 	NOTE: https://phabricator.wikimedia.org/T280226
 CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...)
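Review bot: the removed `[stretch] - mediawiki <postponed>` line for CVE-2021-35197 has no stretch-specific line replacing it in this hunk, so a reader of this entry has to find the DLA-2779-1 record added to data/DLA/list in the same push to see why the tag went away. The commit message "Remove postponed tag." would be easier to audit if it stated that the issue is being fixed in that DLA.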


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Oct 2021] DLA-2779-1 mediawiki - security update
+	{CVE-2021-35197 CVE-2021-41798 CVE-2021-41799}
+	[stretch] - mediawiki 1:1.27.7-1~deb9u10
 [04 Oct 2021] DLA-2778-1 fig2dev - security update
 	{CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675 CVE-2020-21676 CVE-2021-3561 CVE-2021-32280}
 	[stretch] - fig2dev 1:3.2.6a-2+deb9u4
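Review bot: the added `{CVE-2021-35197 CVE-2021-41798 CVE-2021-41799}` line leaves out CVE-2021-41800 and CVE-2021-41801, which matches the not-affected markings added in data/CVE/list, but the commit message "Reserve DLA-2779-1 for mediawiki" does not list the CVEs covered. The data/CVE/list hunks in this push show no stretch line for CVE-2021-41799 and do not show CVE-2021-41798 at all, so it is worth confirming that both entries are still open for stretch before `1:1.27.7-1~deb9u10` is recorded as their fix.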


=====================================
data/dla-needed.txt
=====================================
@@ -56,8 +56,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-mediawiki (Markus Koschany)
---
 mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch (codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable code not accessible. (codehelp)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/04dc8c6f53e07c9cb74b82cb26d33f7a06cd876c...532839dec29ab9ab59c7f67a761ae6c0af5522e2
