[Git][security-tracker-team/security-tracker][master] Four mediawiki issues fixed in unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 1 19:45:24 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3a28fed by Salvatore Bonaccorso at 2022-04-01T20:44:55+02:00
Four mediawiki issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -403,20 +403,20 @@ CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The Central
 	NOT-FOR-US: MediaWiki CentralAuth extension
 CVE-2022-28204 [mediawiki: Special:WhatLinksHere can result in a DoS when a page is used on a extremely large number of other pages]
 	RESERVED
-	- mediawiki <unfixed>
+	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[buster] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297754
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28203 [mediawiki: Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS]
 	RESERVED
-	- mediawiki <unfixed>
+	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[buster] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297731
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before  ...)
-	- mediawiki <unfixed>
+	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[buster] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
@@ -424,7 +424,7 @@ CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x b
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki]
 	RESERVED
-	- mediawiki <unfixed>
+	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[buster] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297571



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3a28fed7ab5febe21e5739dd94d7c1698dcf748

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3a28fed7ab5febe21e5739dd94d7c1698dcf748
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220401/54220838/attachment.htm>


More information about the debian-security-tracker-commits mailing list