[Git][security-tracker-team/security-tracker][master] new mediawiki issues

Thu, 31 Mar 2022 15:21:28 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c809597a by Moritz Muehlenhoff at 2022-04-01T00:20:27+02:00
new mediawiki issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -337,18 +337,34 @@ CVE-2022-28206 (An issue was discovered in MediaWiki 
through 1.37.1. ImportPlanV
        NOT-FOR-US: MediaWiki FileImporter extension
 CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The 
CentralAuth e ...)
        NOT-FOR-US: MediaWiki CentralAuth extension
-CVE-2022-28204
+CVE-2022-28204 [mediawiki: Special:WhatLinksHere can result in a DoS when a 
page is used on a extremely large number of other pages]
        RESERVED
-CVE-2022-28203
+       - mediawiki <unfixed>
+       [bullseye] - mediawiki <postponed> (Fix along in next security release)
+       [buster] - mediawiki <postponed> (Fix along in next security release)
+       NOTE: https://phabricator.wikimedia.org/T297754
+       NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
+CVE-2022-28203 [mediawiki: Requesting Special:NewFiles on a wiki with many 
file uploads with actor as a condition can result in a DoS]
        RESERVED
+       - mediawiki <unfixed>
+       [bullseye] - mediawiki <postponed> (Fix along in next security release)
+       [buster] - mediawiki <postponed> (Fix along in next security release)
+       NOTE: https://phabricator.wikimedia.org/T297731
+       NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x 
before  ...)
        - mediawiki <unfixed>
        [bullseye] - mediawiki <postponed> (Fix along in next security release)
        [buster] - mediawiki <postponed> (Fix along in next security release)
        [stretch] - mediawiki <postponed> (Fix along in next security release)
        NOTE: https://phabricator.wikimedia.org/T297543
-CVE-2022-28201
+       NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
+CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite 
recursion loop if it points to a local interwiki]
        RESERVED
+       - mediawiki <unfixed>
+       [bullseye] - mediawiki <postponed> (Fix along in next security release)
+       [buster] - mediawiki <postponed> (Fix along in next security release)
+       NOTE: https://phabricator.wikimedia.org/T297571
+       NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28200
        RESERVED
 CVE-2022-28199



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c809597ab81cad23493297916dcfb95b2a202ae7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c809597ab81cad23493297916dcfb95b2a202ae7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to