[Git][security-tracker-team/security-tracker][master] remove <postponed> entries for mw issues fixed in mediawiki DSA

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e0a91d3 by Moritz Muehlenhoff at 2022-10-04T20:36:18+02:00
remove <postponed> entries for mw issues fixed in mediawiki DSA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19117,14 +19117,12 @@ CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via
 CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
 	{DLA-3117-1}
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	NOTE: https://phabricator.wikimedia.org/T308473
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
 CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x  ...)
 	{DLA-3117-1}
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	NOTE: https://phabricator.wikimedia.org/T308471
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
@@ -29516,14 +29514,12 @@ CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platf
 CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
 	- guzzle 7.4.5-1 (bug #1014492)
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
 	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
 CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
 	- guzzle 7.4.5-1 (bug #1014492)
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
 	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
@@ -29651,14 +29647,12 @@ CVE-2022-31044 (Rundeck is an open source automation service with a web console,
 CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
 	- guzzle 7.4.4-1 (bug #1012821)
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
 CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
 	- guzzle 7.4.4-1 (bug #1012821)
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
@@ -35177,7 +35171,6 @@ CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier.
 CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3  ...)
 	- guzzle 7.4.4-1 (bug #1011636)
 	- mediawiki 1:1.35.7-1
-	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
 	NOTE: https://phabricator.wikimedia.org/T308473
@@ -38215,21 +38208,18 @@ CVE-2022-28204 (A denial-of-service issue was discovered in MediaWiki 1.37.x bef
 CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1 ...)
 	{DLA-3117-1}
 	- mediawiki 1:1.35.6-1
-	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297731
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before  ...)
 	{DLA-3117-1}
 	- mediawiki 1:1.35.6-1
-	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297543
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36 ...)
 	{DLA-3117-1}
 	- mediawiki 1:1.35.6-1
-	[bullseye] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297571
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
@@ -61813,14 +61803,12 @@ CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeCo
 	RESERVED
 	{DLA-3117-1}
 	- mediawiki 1:1.35.5-1
-	[bullseye] - mediawiki <postponed> (Minor issue)
 	[stretch] - mediawiki <postponed> (Minor issue)
 	NOTE: https://phabricator.wikimedia.org/T271037
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
 CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
 	RESERVED
 	- mediawiki 1:1.35.5-1
-	[bullseye] - mediawiki <postponed> (Minor issue)
 	[buster] - mediawiki <not-affected> (Vulnerable code not present)
 	[stretch] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T293589
@@ -61828,7 +61816,6 @@ CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
 CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
 	RESERVED
 	- mediawiki 1:1.35.5-1
-	[bullseye] - mediawiki <postponed> (Minor issue)
 	[buster] - mediawiki <not-affected> (Vulnerable code not present)
 	[stretch] - mediawiki <not-affected> (Vulnerable code not present)
 	NOTE: https://phabricator.wikimedia.org/T292763



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e0a91d353d6dcf57cbca4215efe306f7a62d28a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e0a91d353d6dcf57cbca4215efe306f7a62d28a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221004/4e22376a/attachment.htm>