Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
24e422c9 by Moritz Muehlenhoff at 2018-09-20T21:36:54Z
new mediawiki issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9670,8 +9670,11 @@ CVE-2018-13259 (An issue was discovered in zsh before
5.6. Shebang lines exceedi
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE:
https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
-CVE-2018-13258
+CVE-2018-13258 [mediawiki: Tarball was missing .htaccess files]
RESERVED
+ - mediawiki <not-affected> (Affected upstream tarball was never used)
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T199029
CVE-2018-13257
RESERVED
CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the
lastname or ...)
@@ -46264,12 +46267,21 @@ CVE-2018-0507 (Untrusted search path vulnerability in
FLET'S VIRUS CLEAR Easy Se
NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute
arbitrary ...)
NOT-FOR-US: Nootka
-CVE-2018-0505
+CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
RESERVED
-CVE-2018-0504
+ - mediawiki <unfixed>
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T194605
+CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
RESERVED
-CVE-2018-0503
+ - mediawiki <unfixed>
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T187638
+CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
RESERVED
+ - mediawiki <unfixed>
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a
#! script ...)
- zsh 5.6-1 (bug #908000)
[stretch] - zsh <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -52,6 +52,8 @@ mariadb-10.1/stable
including some other changes -> Needs review if suitable to include via
security upload or need an SRM ack first.
--
+mediawiki (jmm)
+--
mercurial
--
mosquitto (seb)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24e422c9960b8728896b7518d8adae6718e7b6c2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
