Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e28976fa by Moritz Muehlenhoff at 2022-09-30T09:08:03+02:00
new mediawiki issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -88,12 +88,20 @@ CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in
GitHub repository inventre
TODO: check
CVE-2022-41768
RESERVED
-CVE-2022-41767
+CVE-2022-41767 [mediawiki: reassignEdits doesn't update results in an IP range
check on Special:Contributions]
RESERVED
-CVE-2022-41766
+ - mediawiki <unfixed>
+ NOTE: https://phabricator.wikimedia.org/T316304
+CVE-2022-41766 [mediawiki: On action=rollback the message "alreadyrolled" can
leak revision deleted user name]
RESERVED
-CVE-2022-41765
+ - mediawiki <unfixed>
+ [bullseye] - mediawiki <not-affected> (Vulnerable code not present,
only affects 1.37 and later)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present, only
affects 1.37 and later)
+ NOTE: https://phabricator.wikimedia.org/T307278
+CVE-2022-41765 [mediawiki: HTMLUserTextField exposes existence of hidden users]
RESERVED
+ - mediawiki <unfixed>
+ NOTE: https://phabricator.wikimedia.org/T309894
CVE-2022-41764
RESERVED
CVE-2022-41763
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28976fa776b6267d1071256f490fe198cd05bc9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28976fa776b6267d1071256f490fe198cd05bc9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
