[Git][security-tracker-team/security-tracker][master] new mediawiki issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e28976fa by Moritz Muehlenhoff at 2022-09-30T09:08:03+02:00
new mediawiki issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -88,12 +88,20 @@ CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventre
 	TODO: check
 CVE-2022-41768
 	RESERVED
-CVE-2022-41767
+CVE-2022-41767 [mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions]
 	RESERVED
-CVE-2022-41766
+	- mediawiki <unfixed>
+	NOTE: https://phabricator.wikimedia.org/T316304
+CVE-2022-41766 [mediawiki: On action=rollback the message "alreadyrolled" can leak revision deleted user name]
 	RESERVED
-CVE-2022-41765
+	- mediawiki <unfixed>
+	[bullseye] - mediawiki <not-affected> (Vulnerable code not present, only affects 1.37 and later)
+	[buster] - mediawiki <not-affected> (Vulnerable code not present, only affects 1.37 and later)
+	NOTE: https://phabricator.wikimedia.org/T307278
+CVE-2022-41765 [mediawiki: HTMLUserTextField exposes existence of hidden users]
 	RESERVED
+	- mediawiki <unfixed>
+	NOTE: https://phabricator.wikimedia.org/T309894
 CVE-2022-41764
 	RESERVED
 CVE-2022-41763



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28976fa776b6267d1071256f490fe198cd05bc9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28976fa776b6267d1071256f490fe198cd05bc9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220930/c6a744e7/attachment-0001.htm>