[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags of mediawiki for upcoming security update

Markus Koschany (@apo) apo at debian.org
Thu Sep 22 14:53:25 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c99a053 by Markus Koschany at 2022-09-22T15:52:14+02:00
Remove no-dsa tags of mediawiki for upcoming security update

- - - - -
2736380e by Markus Koschany at 2022-09-22T15:53:14+02:00
Reserve DLA-3117-1 for mediawiki

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16325,14 +16325,12 @@ CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via
 CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	NOTE: https://phabricator.wikimedia.org/T308473
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
 CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x  ...)
 	- mediawiki 1:1.35.7-1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
-	[buster] - mediawiki <postponed> (Minor issue, fix along with next security release)
 	NOTE: https://phabricator.wikimedia.org/T308471
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
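Review bot: both entries in this hunk keep `[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)` while the `[buster]` line is dropped, so once the buster update is out, the newer release is the one still carrying CVE-2022-34912 and CVE-2022-34911. Worth checking with whoever handles the bullseye side that a matching update is planned, so that an upgrade from buster to bullseye does not reintroduce these issues.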
@@ -35388,21 +35386,18 @@ CVE-2022-28204 (A denial-of-service issue was discovered in MediaWiki 1.37.x bef
 CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1 ...)
 	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
-	[buster] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297731
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before  ...)
 	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
-	[buster] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297543
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36 ...)
 	- mediawiki 1:1.35.6-1
 	[bullseye] - mediawiki <postponed> (Fix along in next security release)
-	[buster] - mediawiki <postponed> (Fix along in next security release)
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297571
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
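Review bot: the three removed `[buster]` lines (CVE-2022-28203, CVE-2022-28202, CVE-2022-28201) are not replaced by anything in data/CVE/list, so within this commit buster has no recorded status for them; that only resolves through the data/DLA/list entry added in the second commit, 2736380e. Consider folding the tag removal and the DLA reservation into one commit so that no intermediate revision of the data shows buster as untriaged. The `[stretch]` lines are left as postponed, which matches the DLA entry naming only buster.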
@@ -58981,7 +58976,6 @@ CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeCo
 	RESERVED
 	- mediawiki 1:1.35.5-1
 	[bullseye] - mediawiki <postponed> (Minor issue)
-	[buster] - mediawiki <postponed> (Minor issue)
 	[stretch] - mediawiki <postponed> (Minor issue)
 	NOTE: https://phabricator.wikimedia.org/T271037
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Sep 2022] DLA-3117-1 mediawiki - security update
+	{CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203 CVE-2022-34911 CVE-2022-34912}
+	[buster] - mediawiki 1:1.31.16-1+deb10u3
 [21 Sep 2022] DLA-3116-1 mako - security update
 	{CVE-2022-40023}
 	[buster] - mako 1.0.7+ds1-1+deb10u1
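Review bot: the added `[buster]` line already pins the fixed version `1:1.31.16-1+deb10u3` although the commit is titled as a reservation, so confirm this is the exact version of the upload before the advisory goes out. The six ids in the braces do line up one-to-one with the six `[buster]` postponed lines removed from data/CVE/list, so nothing removed there is missing from the DLA.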


=====================================
data/dla-needed.txt
=====================================
@@ -82,10 +82,6 @@ linux (Ben Hutchings)
 mbedtls (Utkarsh)
   NOTE: 20220821: Programming language: C.
 --
-mediawiki
-  NOTE: 20220810: Programming language: PHP.
-  NOTE: 20220829: Will be released soon. (apo)
---
 netatalk (Stefano Rivera)
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45eeacad1b55cbaba3699528695e3c6b36db1f9a...2736380ef93934674b7a603695671f460ef2249c
