Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: b37cad8d by Guilhem Moulin at 2023-11-28T01:18:00+01:00 Mark CVE-2023-45360/mediawiki as no-dsa for buster. Prior to 1.32 all sysops could edit sitewide CSS/JS hence inject XSS via MediaWiki:Common.js or similar. This was changed in 1.32 following https://phabricator.wikimedia.org/T120886 and https://phabricator.wikimedia.org/T190015. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8240,6 +8240,7 @@ CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently val CVE-2023-45360 (An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1. ...) {DSA-5520-1} - mediawiki 1:1.39.5-1 + [buster] - mediawiki <no-dsa> (Minor issue: prior to 1.32 any sysop could edit sitewide CSS/JS anyway) NOTE: https://phabricator.wikimedia.org/T340221 CVE-2023-45362 (An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...) {DSA-5520-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37cad8dfadbfb7305099cd54f45db51545b6a87
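Review bot: the added `[buster] - mediawiki <no-dsa>` line rests on the pre-1.32 permission model, but the two tasks that document that change (T120886 and T190015) appear only in the commit message, and the entry's sole NOTE still points at T340221. Consider adding `NOTE: https://phabricator.wikimedia.org/T120886` and `NOTE: https://phabricator.wikimedia.org/T190015` under the existing NOTE so the rationale is recorded in data/CVE/list itself. The reason text also presumes the buster package is older than 1.32 without saying so; stating that in the parenthetical would let a later triager re-check the decision against the packaged version.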
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
