Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c99a053 by Markus Koschany at 2022-09-22T15:52:14+02:00
Remove no-dsa tags of mediawiki for upcoming security update

- - - - -
2736380e by Markus Koschany at 2022-09-22T15:53:14+02:00
Reserve DLA-3117-1 for mediawiki

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16325,14 +16325,12 @@ CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a 
stack-based buffer overflow via
 CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x 
before 1 ...)
        - mediawiki 1:1.35.7-1
        [bullseye] - mediawiki <postponed> (Minor issue, fix along with next 
security release)
-       [buster] - mediawiki <postponed> (Minor issue, fix along with next 
security release)
        NOTE: https://phabricator.wikimedia.org/T308473
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
 CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 
1.37.x  ...)
        - mediawiki 1:1.35.7-1
        [bullseye] - mediawiki <postponed> (Minor issue, fix along with next 
security release)
-       [buster] - mediawiki <postponed> (Minor issue, fix along with next 
security release)
        NOTE: https://phabricator.wikimedia.org/T308471
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
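Review bot: the [bullseye] lines kept under CVE-2022-34912 and CVE-2022-34911 still read "<postponed> (Minor issue, fix along with next security release)" while the matching [buster] lines are dropped for an update. Once buster is fixed, bullseye is the release left lagging on these two CVEs, so it is worth confirming that a bullseye update is planned, or rewording the remaining tags so they do not read as if they were waiting on this release.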
@@ -35388,21 +35386,18 @@ CVE-2022-28204 (A denial-of-service issue was 
discovered in MediaWiki 1.37.x bef
 CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 
1.35.6, 1 ...)
        - mediawiki 1:1.35.6-1
        [bullseye] - mediawiki <postponed> (Fix along in next security release)
-       [buster] - mediawiki <postponed> (Fix along in next security release)
        [stretch] - mediawiki <postponed> (Fix along in next security release)
        NOTE: https://phabricator.wikimedia.org/T297731
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x 
before  ...)
        - mediawiki 1:1.35.6-1
        [bullseye] - mediawiki <postponed> (Fix along in next security release)
-       [buster] - mediawiki <postponed> (Fix along in next security release)
        [stretch] - mediawiki <postponed> (Fix along in next security release)
        NOTE: https://phabricator.wikimedia.org/T297543
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
 CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x 
before 1.36 ...)
        - mediawiki 1:1.35.6-1
        [bullseye] - mediawiki <postponed> (Fix along in next security release)
-       [buster] - mediawiki <postponed> (Fix along in next security release)
        [stretch] - mediawiki <postponed> (Fix along in next security release)
        NOTE: https://phabricator.wikimedia.org/T297571
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
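Review bot: under CVE-2022-28203, CVE-2022-28202 and CVE-2022-28201 only the [buster] tag is removed, and the [stretch] "<postponed> (Fix along in next security release)" lines stay in place. If stretch is deliberately out of scope, the commit message should say so: "Remove no-dsa tags of mediawiki for upcoming security update" does not name the release, so a reader cannot tell from the log whether the stretch lines were left on purpose.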
@@ -58981,7 +58976,6 @@ CVE-2021-44856 [Title blocked in AbuseFilter can be 
created via Special:ChangeCo
        RESERVED
        - mediawiki 1:1.35.5-1
        [bullseye] - mediawiki <postponed> (Minor issue)
-       [buster] - mediawiki <postponed> (Minor issue)
        [stretch] - mediawiki <postponed> (Minor issue)
        NOTE: https://phabricator.wikimedia.org/T271037
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Sep 2022] DLA-3117-1 mediawiki - security update
+       {CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203 
CVE-2022-34911 CVE-2022-34912}
+       [buster] - mediawiki 1:1.31.16-1+deb10u3
 [21 Sep 2022] DLA-3116-1 mako - security update
        {CVE-2022-40023}
        [buster] - mako 1.0.7+ds1-1+deb10u1
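Review bot: the [buster] version on the added line, 1:1.31.16-1+deb10u3, is from the 1.31 series, while the fixed versions recorded for these CVEs in data/CVE/list are 1:1.35.5-1, 1:1.35.6-1 and 1:1.35.7-1, so the fixes here are backports. A NOTE on the affected CVE entries pointing at the backported patches would let someone verify coverage without unpacking the upload. The CVE set itself is consistent: the six IDs in the braces are exactly the six entries whose [buster] tag is removed in data/CVE/list.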


=====================================
data/dla-needed.txt
=====================================
@@ -82,10 +82,6 @@ linux (Ben Hutchings)
 mbedtls (Utkarsh)
   NOTE: 20220821: Programming language: C.
 --
-mediawiki
-  NOTE: 20220810: Programming language: PHP.
-  NOTE: 20220829: Will be released soon. (apo)
---
 netatalk (Stefano Rivera)
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45eeacad1b55cbaba3699528695e3c6b36db1f9a...2736380ef93934674b7a603695671f460ef2249c



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
