Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce3bd854 by Salvatore Bonaccorso at 2021-12-16T07:07:08+01:00
Track fixed mediawiki issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -328,7 +328,7 @@ CVE-2021-45039
CVE-2021-45038 [Unauthorized users can access private wiki contents using
rollback action]
RESERVED
{DSA-5021-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297574
@@ -694,28 +694,28 @@ CVE-2021-44859
CVE-2021-44858 [Unauthorized users can view contents of private wikis using
various actions]
RESERVED
{DSA-5021-1 DLA-2847-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the
content of arbitrary pages]
RESERVED
{DSA-5021-1}
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T297322
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44856 [Title blocked in AbuseFilter can be created via
Special:ChangeContentModel]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <postponed> (Minor issue)
NOTE: https://phabricator.wikimedia.org/T271037
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
@@ -723,7 +723,7 @@ CVE-2021-44855 [Blind Stored XSS in VisualEditor media
dialog]
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search
results from private wikis]
RESERVED
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.5-1
[bullseye] - mediawiki <postponed> (Minor issue)
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3bd854905d277c9eaa09851ee3255b9dd0245d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce3bd854905d277c9eaa09851ee3255b9dd0245d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
