[Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Mar 31 23:21:16 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c809597a by Moritz Muehlenhoff at 2022-04-01T00:20:27+02:00
new mediawiki issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -337,18 +337,34 @@ CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanV
NOT-FOR-US: MediaWiki FileImporter extension
CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...)
NOT-FOR-US: MediaWiki CentralAuth extension
-CVE-2022-28204
+CVE-2022-28204 [mediawiki: Special:WhatLinksHere can result in a DoS when a page is used on a extremely large number of other pages]
RESERVED
-CVE-2022-28203
+ - mediawiki <unfixed>
+ [bullseye] - mediawiki <postponed> (Fix along in next security release)
+ [buster] - mediawiki <postponed> (Fix along in next security release)
+ NOTE: https://phabricator.wikimedia.org/T297754
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
+CVE-2022-28203 [mediawiki: Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS]
RESERVED
+ - mediawiki <unfixed>
+ [bullseye] - mediawiki <postponed> (Fix along in next security release)
+ [buster] - mediawiki <postponed> (Fix along in next security release)
+ NOTE: https://phabricator.wikimedia.org/T297731
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before ...)
- mediawiki <unfixed>
[bullseye] - mediawiki <postponed> (Fix along in next security release)
[buster] - mediawiki <postponed> (Fix along in next security release)
[stretch] - mediawiki <postponed> (Fix along in next security release)
NOTE: https://phabricator.wikimedia.org/T297543
-CVE-2022-28201
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
+CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki]
RESERVED
+ - mediawiki <unfixed>
+ [bullseye] - mediawiki <postponed> (Fix along in next security release)
+ [buster] - mediawiki <postponed> (Fix along in next security release)
+ NOTE: https://phabricator.wikimedia.org/T297571
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28200
RESERVED
CVE-2022-28199
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c809597ab81cad23493297916dcfb95b2a202ae7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c809597ab81cad23493297916dcfb95b2a202ae7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220331/22394f4b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list