[Git][security-tracker-team/security-tracker][master] mediawiki DSA

Wed, 15 Dec 2021 11:46:13 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d76508e0 by Moritz Mühlenhoff at 2021-12-15T20:45:36+01:00
mediawiki DSA
take mediawiki for DLA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -679,6 +679,7 @@ CVE-2021-44859
 CVE-2021-44858 [Unauthorized users can view contents of private wikis using 
various actions]
        RESERVED
        - mediawiki <unfixed>
+       [buster] - mediawiki 1:1.31.16-1+deb10u2
        NOTE: https://phabricator.wikimedia.org/T297322
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
 CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the 
content of arbitrary pages]


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2021] DSA-5021-1 mediawiki - security update
+       {CVE-2021-44857 CVE-2021-44858 CVE-2021-45038}
+       [bullseye] - mediawiki 1:1.35.4-1+deb11u2
 [11 Dec 2021] DSA-5020-1 apache-log4j2 - security update
        {CVE-2021-44228}
        [buster] - apache-log4j2 2.15.0-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -59,6 +59,8 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
+mediawiki (jmm)
+--
 nvidia-graphics-drivers (Markus Koschany)
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in 
Stretch, no fix available for CVE-2021-1077



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76508e00f7075b606a503d2df94c59c905c1a57

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76508e00f7075b606a503d2df94c59c905c1a57
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to