Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa85bb58 by Moritz Muehlenhoff at 2022-07-04T11:58:36+02:00
mediawiki fixed, add additional references
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,17 +21,19 @@ CVE-2022-34914
CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow
via a Mar ...)
TODO: check
CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x
before 1 ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.7-1
[bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
[buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE: https://phabricator.wikimedia.org/T308473
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and
1.37.x ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.7-1
[bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
[buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE: https://phabricator.wikimedia.org/T308471
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository
zadam/tril ...)
NOT-FOR-US: Trilium Notes
CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
@@ -10032,10 +10034,16 @@ CVE-2022-31092 (Pimcore is an Open Source Data &
Experience Management Platf
NOT-FOR-US: Pimcore
CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and
`Cookie` he ...)
- guzzle <unfixed>
+ - mediawiki 1:1.35.7-1
+ [bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
+ [buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
NOTE:
https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
(7.4.5)
CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers
on requ ...)
- guzzle <unfixed>
+ - mediawiki 1:1.35.7-1
+ [bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
+ [buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
NOTE:
https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
(7.4.5)
CVE-2022-31089 (Parse Server is an open source backend that can be deployed to
any inf ...)
@@ -10156,10 +10164,16 @@ CVE-2022-31044 (Rundeck is an open source automation
service with a web console,
NOT-FOR-US: Rundesk
CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions
`Author ...)
- guzzle 7.4.4-1 (bug #1012821)
+ - mediawiki 1:1.35.7-1
+ [bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
+ [buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
NOTE:
https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
(7.4.4)
CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions
the `Co ...)
- guzzle 7.4.4-1 (bug #1012821)
+ - mediawiki 1:1.35.7-1
+ [bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
+ [buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
NOTE:
https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
(7.4.4)
CVE-2022-31041 (Open Forms is an application for creating and publishing smart
forms. ...)
@@ -15583,7 +15597,13 @@ CVE-2022-29249 (JavaEZ is a library that adds new
functions to make Java easier.
NOT-FOR-US: JavaEZLib/JavaEZ
CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6
and 7.4.3 ...)
- guzzle 7.4.4-1 (bug #1011636)
+ - mediawiki 1:1.35.7-1
+ [bullseye] - mediawiki <postponed> (Minor issue, fix along with next
security release)
+ [buster] - mediawiki <postponed> (Minor issue, fix along with next
security release)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
+ NOTE: https://phabricator.wikimedia.org/T308473
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
+ NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
CVE-2022-29247 (Electron is a framework for writing cross-platform desktop
application ...)
- electron <itp> (bug #842420)
CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG)
embedded st ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa85bb5833b38a54e7439e795a3bef384b292ed3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa85bb5833b38a54e7439e795a3bef384b292ed3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
