[Git][security-tracker-team/security-tracker][master] Triage mediawiki/buster

Markus Koschany (@apo) apo at debian.org
Tue Sep 6 18:04:24 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfa9ae42 by Markus Koschany at 2022-09-06T19:02:45+02:00
Triage mediawiki/buster

The embedded Guzzle copy is not present in Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23642,14 +23642,14 @@ CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cook
 	- guzzle 7.4.5-1 (bug #1014492)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
+	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
 	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
 CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
 	- guzzle 7.4.5-1 (bug #1014492)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
+	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
 	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
 CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -23777,14 +23777,14 @@ CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `
 	- guzzle 7.4.4-1 (bug #1012821)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
+	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
 CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
 	- guzzle 7.4.4-1 (bug #1012821)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
+	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
 CVE-2022-31041 (Open Forms is an application for creating and publishing smart forms.  ...)
@@ -29275,7 +29275,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and
 	- guzzle 7.4.4-1 (bug #1011636)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
+	[buster] - mediawiki <not-affected> (Embedded Guzzle copy not present)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
 	NOTE: https://phabricator.wikimedia.org/T308473
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa9ae42b4abc95128bf371645ddf9edf5278277

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa9ae42b4abc95128bf371645ddf9edf5278277
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220906/5a11a538/attachment.htm>


More information about the debian-security-tracker-commits mailing list