Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a624e0ab by Moritz Muehlenhoff at 2023-07-01T20:13:52+02:00 mediawiki fixed in sid - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2023-36674 [Manualthumb bypasses badFile lookup] + - mediawiki 1:1.39.4-1 + NOTE: https://phabricator.wikimedia.org/T335612 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/ CVE-2023-37252 NOT-FOR-US: MediaWiki extension CheckUser CVE-2023-37253 @@ -652,9 +656,7 @@ CVE-2023-2993 (A valid, authenticated user with limited privileges may be able t CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...) NOT-FOR-US: Lenovo CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) - - mediawiki <unfixed> - [bookworm] - mediawiki <postponed> (Fix in next security release) - [bullseye] - mediawiki <postponed> (Fix in next security release) + - mediawiki 1:1.39.4-1 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452 NOTE: https://phabricator.wikimedia.org/T332889 CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) @@ -12086,9 +12088,7 @@ CVE-2023-29143 CVE-2023-29142 RESERVED CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...) - - mediawiki <unfixed> - [bookworm] - mediawiki <no-dsa> (Minor issue) - [bullseye] - mediawiki <no-dsa> (Minor issue) + - mediawiki 1:1.39.4-1 [buster] - mediawiki <no-dsa> (Minor issue) NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39 NOTE: https://phabricator.wikimedia.org/T285159 ===================================== data/dsa-needed.txt ===================================== @@ -30,6 +30,8 @@ linux (carnil) Wait until more issues have piled up, though try to regulary rebase for point releases to more recent v5.10.y versions -- +mediawiki (jmm) +-- nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a624e0ab90803c56de9fef3d2845ffd0f08d5e5c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a624e0ab90803c56de9fef3d2845ffd0f08d5e5c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits