[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2022-41765,mediawiki: Link to fixing commit
Markus Koschany (@apo)
apo at debian.org
Tue Oct 11 23:17:46 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30a504e0 by Markus Koschany at 2022-10-11T20:34:27+02:00
CVE-2022-41765,mediawiki: Link to fixing commit
- - - - -
705cac49 by Markus Koschany at 2022-10-11T20:40:35+02:00
CVE-2022-41767,mediawiki: Link to fixing commit
- - - - -
ca52d85e by Markus Koschany at 2022-10-12T00:16:50+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
a5605dba by Markus Koschany at 2022-10-12T00:17:31+02:00
Reserve DLA-3148-1 for mediawiki
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2445,6 +2445,7 @@ CVE-2022-41767 [mediawiki: reassignEdits doesn't update results in an IP range c
{DSA-5246-1}
- mediawiki 1:1.35.8-1
NOTE: https://phabricator.wikimedia.org/T316304
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891
CVE-2022-41766 [mediawiki: On action=rollback the message "alreadyrolled" can leak revision deleted user name]
RESERVED
- mediawiki <unfixed>
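Review bot: The NOTE added under CVE-2022-41767 is a bare Gerrit URL, so nothing in the entry itself distinguishes it from the Phabricator task link on the line above; only the commit subject says it is the fixing commit. Suggest labelling it in place, for example `NOTE: Fixed by: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891`, so that someone reading data/CVE/list without the commit log can tell which link is the patch.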
@@ -2456,6 +2457,7 @@ CVE-2022-41765 [mediawiki: HTMLUserTextField exposes existence of hidden users]
{DSA-5246-1}
- mediawiki 1:1.35.8-1
NOTE: https://phabricator.wikimedia.org/T309894
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
CVE-2022-41764
RESERVED
CVE-2022-41763
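Review bot: The NOTE added under CVE-2022-41765 points at a Gerrit change but does not say which MediaWiki branch or release that change targets. The entry records 1:1.35.8-1 as the fixed version, while the DLA reserved in this same push is for buster's 1:1.31.16 series, so a short suffix naming the branch the change landed on would save the backporter from having to open the link to find out.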
@@ -6496,7 +6498,7 @@ CVE-2022-3140 [libreoffice: Macro URL arbitrary script execution]
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139
- RESERVED
+ RESERVED
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
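Review bot: The `RESERVED` line under CVE-2022-3139 is removed and re-added with identical visible text, so this is a whitespace-only change, and none of the four commit subjects in this push mentions it. If it is an intentional indentation fix, it would be easier to audit as its own commit with a message saying so; if it came in by accident with the merge, it should be confirmed harmless to the list parser before it stays.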
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Oct 2022] DLA-3148-1 mediawiki - security update
+ {CVE-2022-41765 CVE-2022-41767}
+ [buster] - mediawiki 1:1.31.16-1+deb10u4
[11 Oct 2022] DLA-3147-1 twig - security update
{CVE-2022-39261}
[buster] - twig 2.6.2-2+deb10u1
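Review bot: The new DLA-3148-1 entry lists CVE-2022-41765 and CVE-2022-41767, but the data/CVE/list entries for both CVEs shown in this same push still carry only `{DSA-5246-1}` as their cross-reference. Please confirm the DLA cross-reference gets added to those two entries, either in a follow-up commit or by whatever process maintains those braces, so the CVE view and the DLA view agree.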
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f43eed344debdf4d61ecf0689fa9028ec5e23cb...a5605dba2e20eed8b61a81d63d30e33d16d8b31a