[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-32697/mediawiki: Mark as <ignored> for bullseye

Guilhem Moulin (@guilhem) guilhem at debian.org
Wed Jul 23 21:08:36 BST 2025



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68407554 by Guilhem Moulin at 2025-07-23T22:07:44+02:00
CVE-2025-32697/mediawiki: Mark as <ignored> for bullseye

Following Security Team triaging for bookworm in
f771a8d3d320f8875c39594e5f3670a7fe5b501c.

- - - - -
33a75abb by Guilhem Moulin at 2025-07-23T22:08:14+02:00
Reserve DLA-4249-1 for mediawiki

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31755,6 +31755,7 @@ CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 CVE-2025-32697 (Improper Preservation of Permissions vulnerability in Wikimedia Founda ...)
 	- mediawiki 1:1.43.1+dfsg-1
 	[bookworm] - mediawiki <ignored> (Minor issue, too intrusive to backport and also not fixed in 1.39.x upstream)
+	[bullseye] - mediawiki <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://phabricator.wikimedia.org/T140010
 	NOTE: https://phabricator.wikimedia.org/T62109
 	NOTE: https://phabricator.wikimedia.org/T24521
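Review bot: the added [bullseye] line gives only "Minor issue, too intrusive to backport" as its reason, while the bookworm line directly above it also records the upstream state ("not fixed in 1.39.x upstream"). The dla-needed.txt entry removed in this same push says bullseye followed 1.35 (EOL 2023-12), so the parenthetical could record that as well, for example "(Minor issue, too intrusive to backport; 1.35.x is EOL upstream)", so that the bullseye decision can be read without the bookworm line or the commit message.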


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Jul 2025] DLA-4249-1 mediawiki - security update
+	{CVE-2025-3469 CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594 CVE-2025-6595 CVE-2025-6597 CVE-2025-6926 CVE-2025-32072 CVE-2025-32696 CVE-2025-32698 CVE-2025-32699}
+	[bullseye] - mediawiki 1:1.35.13-1+deb11u4
 [23 Jul 2025] DLA-4248-1 openjdk-11 - security update
 	{CVE-2025-30749 CVE-2025-30754 CVE-2025-30761 CVE-2025-50059 CVE-2025-50106}
 	[bullseye] - openjdk-11 11.0.28+6-1~deb11u1
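Review bot: the brace list on the second added line names twelve CVE ids and leaves out CVE-2025-32697, which matches the <ignored> entry for bullseye in data/CVE/list, but the commit message "Reserve DLA-4249-1 for mediawiki" has no body saying the omission is deliberate. A one-line body pointing at commit 68407554 would make that clear to someone reading this entry on its own. The version on the third added line, 1:1.35.13-1+deb11u4, is written here at reservation time, so it should be checked against the changelog of the actual upload.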


=====================================
data/dla-needed.txt
=====================================
@@ -234,13 +234,6 @@ mbedtls
   NOTE: 20250714: Added by Front-Desk (Beuc)
   NOTE: 20250714: 6 new CVEs pile-up in June; also check postponed issues (Beuc/front-desk)
 --
-mediawiki (guilhem)
-  NOTE: 20250412: Added by Front-Desk (Beuc)
-  NOTE: 20250412: Upcoming DSA (Beuc/front-desk)
-  NOTE: 20250621: bookworm currently following micro-releases for 1.39 (EOL 2025-11)
-  NOTE: 20250621: bullseye followed 1.35 (EOL 2023-12), all open CVEs would need individual backport (Beuc)
-  NOTE: 20250714: In progress; new CVEs appeared recently with the 1.39.13 release (guilhem)
---
 mimetex
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
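Review bot: removing the whole "mediawiki (guilhem)" block drops the notes that "all open CVEs would need individual backport" and that new CVEs appeared with the 1.39.13 release, so after this hunk nothing in dla-needed.txt tracks mediawiki for bullseye. Before dropping the entry, confirm that every open bullseye mediawiki CVE is either in the DLA-4249-1 list or carries an explicit state in data/CVE/list, as CVE-2025-32697 now does with <ignored>; if any is left over, keep the entry or re-add it with a note.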



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8c81b7440898432a3cce3e15851e87426b457703...33a75abbcf0ba140a4b1e4d1dfbe6e8355fafbbc



More information about the debian-security-tracker-commits mailing list