[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-27 Thread Steve Beattie
Hey Kunal, thanks again for preparing these debdiffs. After reviewing them, I've gone ahead and uploaded the packages to the ubuntu-security-proposed ppa at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages to build and run through autopkgtests; any feedback or

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-26 Thread Steve Beattie
Hi Kunal, Thanks for preparing these updates, I'm looking at them now. Apologies that they didn't get picked up earlier. ** Changed in: mediawiki (Ubuntu Bionic) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: mediawiki (Ubuntu Focal) Assignee: (unassigned) => Steve

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-26 Thread Brian Murray
The Hirsute Hippo has reached End of Life, so this bug will not be fixed for that release. ** Changed in: mediawiki (Ubuntu Hirsute) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-11 Thread Mathew Hodson
** Changed in: mediawiki (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: mediawiki (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: mediawiki (Ubuntu Hirsute) Importance: Undecided => Medium ** Changed in: mediawiki (Ubuntu Impish) Importance: Undecided

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2022-01-10 Thread Bryce Harrington
Version in jammy includes the fixes: mediawiki (1:1.35.5-1) unstable; urgency=high [ Kunal Mehta ] * New upstream version 1.35.5, fixing CVE-2021-44854, CVE-2021-44855, CVE-2021-44856, CVE-2021-44857, CVE-2021-44858, CVE-2021-45038. [ Debian Janitor ] * Remove constraints

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-23 Thread Mathew Hodson
** Information type changed from Public to Public Security ** Changed in: mediawiki (Ubuntu) Importance: Undecided => Medium

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-23 Thread Logan Rosen
Removing ~ubuntu-sponsors and subscribing ~ubuntu-security-sponsors, as this should be applied to the security pocket.

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-19 Thread Ubuntu Foundations Team Bug Bot
The attachment "impish.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-19 Thread Kunal Mehta
Note the version in bionic is not vulnerable to CVE-2021-44857 nor CVE-2021-45038. ** Patch added: "bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/1955352/+attachment/5548616/+files/bionic.debdiff ** CVE added:

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-19 Thread Kunal Mehta
** Patch added: "debdiff for hirsute" https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/1955352/+attachment/5548614/+files/hirsute.debdiff ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44857 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-45038

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-19 Thread Kunal Mehta
Note that the version in focal is not vulnerable to CVE-2021-44857 nor CVE-2021-45038. ** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/1955352/+attachment/5548615/+files/focal.debdiff

[Bug 1955352] Re: Vulnerable to information disclosure through various actions

2021-12-19 Thread Kunal Mehta
debdiff for impish ** Patch added: "impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/1955352/+attachment/5548613/+files/impish.debdiff