[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-45360/mediawiki as no-dsa for buster.
Guilhem Moulin (@guilhem)
guilhem at debian.org
Tue Nov 28 00:18:23 GMT 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b37cad8d by Guilhem Moulin at 2023-11-28T01:18:00+01:00
Mark CVE-2023-45360/mediawiki as no-dsa for buster.
Prior to 1.32 all sysops could edit sitewide CSS/JS hence inject XSS via
MediaWiki:Common.js or similar. This was changed in 1.32 following
https://phabricator.wikimedia.org/T120886 and https://phabricator.wikimedia.org/T190015.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8240,6 +8240,7 @@ CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently val
CVE-2023-45360 (An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1. ...)
{DSA-5520-1}
- mediawiki 1:1.39.5-1
+ [buster] - mediawiki <no-dsa> (Minor issue: prior to 1.32 any sysop could edit sitewide CSS/JS anyway)
NOTE: https://phabricator.wikimedia.org/T340221
CVE-2023-45362 (An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...)
{DSA-5520-1}
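Review bot: The parenthetical on the added `[buster]` line carries the whole rationale, but the two references given in the commit message are not recorded in the data file. Consider adding `NOTE:` lines for https://phabricator.wikimedia.org/T120886 and https://phabricator.wikimedia.org/T190015 beside the existing T340221 note, so the reasoning can be read in data/CVE/list without going to the git history. The justification also holds only if buster's mediawiki is older than 1.32, which the line implies but does not state; saying so explicitly would make the triage decision checkable.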
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37cad8dfadbfb7305099cd54f45db51545b6a87