[Git][security-tracker-team/security-tracker][master] mediawiki DSA

Sun Mar 31 20:03:10 BST 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc2c64d7 by Moritz Mühlenhoff at 2024-03-31T21:02:39+02:00
mediawiki DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
 	- mediawiki 1:1.39.7-1
+	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
 	[bullseye] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.38)
 	[buster] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.38)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
@@ -7,6 +8,8 @@ CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015422
 CVE-2024-XXXX [mediawiki:  Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages]
 	- mediawiki 1:1.39.7-1
+	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
+	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
 	NOTE: https://phabricator.wikimedia.org/T357760
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423
@@ -21987,7 +21990,7 @@ CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG al
 	NOT-FOR-US: MotionPro
 CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...)
 	- mediawiki 1:1.39.6-1
-	[bookworm] - mediawiki <postponed> (Minor issue, fix along in next update)
+	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
 	[bullseye] - mediawiki <postponed> (Minor issue, fix along in next update)
 	[buster] - mediawiki <postponed> (Minor issue, fix along in next update)
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2024] DSA-5651-1 mediawiki - security update
+	[bullseye] - mediawiki 1:1.35.13-1+deb11u2
+	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
 [31 Mar 2024] DSA-5650-1 util-linux - security update
 	{CVE-2024-28085}
 	[bullseye] - util-linux 2.36.1-8+deb11u2


=====================================
data/dsa-needed.txt
=====================================
@@ -44,8 +44,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y and 6.1.y versions
 --
-mediawiki (jmm)
---
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2c64d749a440a53d061a2e142fb133ff1dd8ed

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2c64d749a440a53d061a2e142fb133ff1dd8ed
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240331/0fe5fa25/attachment-0001.htm>
