[Git][security-tracker-team/security-tracker][master] mediawiki fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jul 1 19:14:23 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a624e0ab by Moritz Muehlenhoff at 2023-07-01T20:13:52+02:00
mediawiki fixed in sid

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2023-36674 [Manualthumb bypasses badFile lookup]
+	- mediawiki 1:1.39.4-1
+	NOTE: https://phabricator.wikimedia.org/T335612
+	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/
 CVE-2023-37252
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-37253
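Review bot: The new CVE-2023-36674 entry gives only the unstable fixed version (`- mediawiki 1:1.39.4-1`) and says nothing about which upstream branches are affected, so bookworm and bullseye are implicitly tracked as affected. If triage shows that an older branch does not contain the affected code, add a per-release `<not-affected>` line; otherwise a short NOTE naming the affected branches would save the next reader from opening the Phabricator task.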
@@ -652,9 +656,7 @@ CVE-2023-2993 (A valid, authenticated user with limited privileges may be able t
 CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...)
 	NOT-FOR-US: Lenovo
 CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
-	- mediawiki <unfixed>
-	[bookworm] - mediawiki <postponed> (Fix in next security release)
-	[bullseye] - mediawiki <postponed> (Fix in next security release)
+	- mediawiki 1:1.39.4-1
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
 	NOTE: https://phabricator.wikimedia.org/T332889
 CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
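Review bot: Removing the `[bookworm]` and `[bullseye]` `<postponed>` lines under CVE-2023-36675 changes the stable triage state, not just the sid state, yet the commit subject "mediawiki fixed in sid" mentions only the latter. Consider noting in the commit message that the postponed markers are dropped because the update is now queued in data/dsa-needed.txt.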
@@ -12086,9 +12088,7 @@ CVE-2023-29143
 CVE-2023-29142
 	RESERVED
 CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
-	- mediawiki <unfixed>
-	[bookworm] - mediawiki <no-dsa> (Minor issue)
-	[bullseye] - mediawiki <no-dsa> (Minor issue)
+	- mediawiki 1:1.39.4-1
 	[buster] - mediawiki <no-dsa> (Minor issue)
 	NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
 	NOTE: https://phabricator.wikimedia.org/T285159
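Review bot: Under CVE-2023-29141 the `<no-dsa> (Minor issue)` lines for bookworm and bullseye are removed while `[buster] - mediawiki <no-dsa> (Minor issue)` is kept as context, so the same issue is now triaged differently across releases. Worth confirming that this is intended, i.e. that bookworm and bullseye pick the fix up as part of the queued update while buster stays no-dsa.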


=====================================
data/dsa-needed.txt
=====================================
@@ -30,6 +30,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
 --
+mediawiki (jmm)
+--
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
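Review bot: The added `mediawiki (jmm)` entry has no suite qualifier and no status line, unlike its neighbours (`nbconvert/oldstable`, and the indented notes under `linux (carnil)`). Since the data/CVE/list hunks drop annotations for both bookworm and bullseye, an indented note stating which releases the update targets would make the entry self-explanatory.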



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a624e0ab90803c56de9fef3d2845ffd0f08d5e5c
