[Git][security-tracker-team/security-tracker][master] new mediawiki issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 9 21:40:35 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
699efd60 by Moritz Muehlenhoff at 2023-10-09T22:40:00+02:00
new mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2023-45360
+ - mediawiki 1:1.39.5-1
+ NOTE: https://phabricator.wikimedia.org/T340221
+CVE-2023-45362
+ - mediawiki 1:1.39.5-1
+ NOTE: https://phabricator.wikimedia.org/T341529
+CVE-2023-45361
+ - mediawiki 1:1.39.5-1
+ NOTE: https://phabricator.wikimedia.org/T340220
+CVE-2023-45359
+ - mediawiki 1:1.39.5-1
+ NOTE: https://phabricator.wikimedia.org/T340217
CVE-2023-5461 (A vulnerability was found in Delta Electronics WPLSoft 2.51. It has be ...)
TODO: check
CVE-2023-5460 (A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and ...)
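Review bot: The four new entries (CVE-2023-45359 through CVE-2023-45362) each carry only the fixed version 1:1.39.5-1 and a Phabricator link, so nothing in them records which upstream versions are affected. A NOTE per entry naming the affected version range or the upstream fix commit would make it possible to judge the status of other releases without reopening each task.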
@@ -117,10 +129,10 @@ CVE-2023-45369 (An issue was discovered in the PageTriage extension for MediaWik
CVE-2023-45367 (An issue was discovered in the CheckUser extension for MediaWiki befor ...)
NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-45364 (An issue was discovered in includes/page/Article.php in MediaWiki 1.36 ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T264765
CVE-2023-45363 (An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T333050
CVE-2023-45356 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 40 ...)
NOT-FOR-US: Atos
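Review bot: For CVE-2023-45364 and CVE-2023-45363 the "<unfixed>" marker becomes 1:1.39.5-1, but the truncated descriptions mention "MediaWiki 1.36" and "before 1.35.12", which points at older branches being affected as well. Consider adding a NOTE that states which upstream point releases carry the fix, so the status of anything shipping the 1.35 series does not have to be re-derived from the Phabricator tasks.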
@@ -2404,9 +2416,7 @@ CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buff
CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not restrict fun ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML files. The ...)
- - mediawiki <unfixed>
- [bookworm] - mediawiki <postponed> (Wait until it lands in 1.39)
- [bullseye] - mediawiki <postponed> (Wait until it lands in 1.35)
+ - mediawiki 1:1.39.5-1
[buster] - mediawiki <postponed> (Wait until it lands in 1.35)
NOTE: https://phabricator.wikimedia.org/T341565
CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...)
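Review bot: On CVE-2023-3550 the [bookworm] and [bullseye] "<postponed>" lines are dropped, but "[buster] - mediawiki <postponed> (Wait until it lands in 1.35)" is kept with the same reason that was just removed for bullseye. If the fix has landed in the 1.35 branch, that reason is stale and the buster line should be updated too. If the line is left untouched on purpose, a short NOTE saying so would remove the apparent inconsistency.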
=====================================
data/dsa-needed.txt
=====================================
@@ -32,6 +32,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
--
+mediawiki (jmm)
+--
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
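Review bot: The new "mediawiki (jmm)" entry has no suite suffix and no note line, unlike the neighbouring "nbconvert/oldstable" entry. A one-line note naming the suites to be updated or the CVEs the pending update covers would tell other team members what this claim includes.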
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/699efd600990a971203043a7d3c4d013804c69d9