Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a57854a by Markus Koschany at 2021-10-09T17:33:14+02:00
Mark CVE-2021-41800,CVE-2021-41801,mediawiki as not-affected for Stretch
The vulnerable code was introduced later
- - - - -
232ea563 by Markus Koschany at 2021-10-09T17:34:32+02:00
CVE-2021-35197,mediawiki: Remove postponed tag.
- - - - -
532839de by Markus Koschany at 2021-10-09T17:35:22+02:00
Reserve DLA-2779-1 for mediawiki
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -773,14 +773,17 @@ CVE-2021-41801
RESERVED
{DSA-4979-1}
- mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable was introduced
later)
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T279090
CVE-2021-41800
RESERVED
{DSA-4979-1}
- mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable was introduced
later)
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
NOTE: https://phabricator.wikimedia.org/T284419
+ NOTE: Fixed by
https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
CVE-2021-41799
RESERVED
{DSA-4979-1}
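Review bot: The justification in both added [stretch] lines, for CVE-2021-41801 and for CVE-2021-41800, reads "(The vulnerable was introduced later)" and is missing the word "code"; the commit message has the full phrase "The vulnerable code was introduced later". Because a <not-affected> marking ends further triage of these issues for stretch, it would also help to add a NOTE naming the upstream change or version that introduced the code. The new "Fixed by" NOTE gives that kind of pointer for CVE-2021-41800 only, and CVE-2021-41801 gets no commit reference at all.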
@@ -16231,7 +16234,6 @@ CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x
through 1.35.x before 1.35.3
- mediawiki 1:1.35.3-1
[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x
release)
[buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x
release)
- [stretch] - mediawiki <postponed> (Minor issue, include in next update)
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
NOTE: https://phabricator.wikimedia.org/T280226
CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote
attackers to ex ...)
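Review bot: Dropping the "[stretch] - mediawiki <postponed>" line leaves CVE-2021-35197 with no stretch-specific annotation, so stretch's status now rests entirely on the DLA-2779-1 entry in data/DLA/list. No {DLA-2779-1} cross-reference is visible for this entry in the hunk; please confirm it is added (by hand or by the cross-reference update) so that stretch is not evaluated against the unstable fixed version 1:1.35.3-1. The bullseye and buster lines stay <postponed>, which is consistent with the commit subject but worth a second look if those releases have since been updated.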
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Oct 2021] DLA-2779-1 mediawiki - security update
+ {CVE-2021-35197 CVE-2021-41798 CVE-2021-41799}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u10
[04 Oct 2021] DLA-2778-1 fig2dev - security update
{CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531
CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675
CVE-2020-21676 CVE-2021-3561 CVE-2021-32280}
[stretch] - fig2dev 1:3.2.6a-2+deb9u4
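Review bot: The CVE set on the added DLA-2779-1 line includes CVE-2021-41798 and CVE-2021-41799, but this push only changes the CVE list annotations for CVE-2021-35197, CVE-2021-41800 and CVE-2021-41801. CVE-2021-41799 appears only as unchanged context and CVE-2021-41798 not at all, so please check that neither entry carries a leftover stretch annotation (such as the <postponed> tag removed for CVE-2021-35197) that would contradict the fixed version 1:1.27.7-1~deb9u10.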
=====================================
data/dla-needed.txt
=====================================
@@ -56,8 +56,6 @@ linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
-mediawiki (Markus Koschany)
---
mosquitto
NOTE: 20210805: coordinating upload to buster before DLA for Stretch
(codehelp)
NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable
code not accessible. (codehelp)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/04dc8c6f53e07c9cb74b82cb26d33f7a06cd876c...532839dec29ab9ab59c7f67a761ae6c0af5522e2