[Wikidata-bugs] [Maniphest] [Commented On] T233213: XSS in Wikidata Query Service UI, DATATYPE_MATHML - CVE-2019-19329
Pablo-WMDE added a comment. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19329 TASK DETAIL https://phabricator.wikimedia.org/T233213 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Addshore, Pablo-WMDE Cc: Tarrow, hoo, Jakob_WMDE, Rosalie_WMDE, Pablo-WMDE, darthmon_wmde, WMDE-leszek, JBennett, Physikerwelt, Mathew.onipe, Reedy, johl, Lea_Lacroix_WMDE, Lydia_Pintscher, alaa_wmde, Addshore, sbassett, dcausse, Gehel, Aklapper, Lucas_Werkmeister_WMDE, Hook696, Daryl-TTMG, RomaAmorRoma, 0010318400, E.S.A-Sheild, Iflorez, JFishback_WMF, Dsharpe, Meekrab2012, joker88john, DannyS712, CucyNoiD, Nandana, NebulousIris, Gaboe420, Versusxo, Majesticalreaper22, Amorymeltzer, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, EBjune, HJiang-WMF, merbst, LawExplorer, Salgo60, WSH1906, Lewizho99, Maathavan, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, dpatrick, Luke081515, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, aude, Tobias1984, GWicke, Bawolff, Stype_and_Co.-WMF, Manybubbles, DerHexer, Jalexander, Parent5446, Anomie, Grunny, He7d3r, MaxSem, csteipp, Mbch331, Rxy, Jay8g, Legoktm, chasemp ___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T233213: XSS in Wikidata Query Service UI
gerritbot added a comment. Change 552293 **merged** by jenkins-bot: [wikidata/query/gui@master] Add security task to Gruntfile https://gerrit.wikimedia.org/r/552293 TASK DETAIL https://phabricator.wikimedia.org/T233213 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Addshore, gerritbot Cc: Tarrow, hoo, Jakob_WMDE, Rosalie_WMDE, Pablo-WMDE, darthmon_wmde, WMDE-leszek, JBennett, Physikerwelt, Mathew.onipe, Reedy, johl, Lea_Lacroix_WMDE, Lydia_Pintscher, alaa_wmde, Addshore, sbassett, dcausse, Gehel, Aklapper, Lucas_Werkmeister_WMDE, Hook696, Daryl-TTMG, RomaAmorRoma, 0010318400, E.S.A-Sheild, Iflorez, JFishback_WMF, Dsharpe, Meekrab2012, joker88john, DannyS712, CucyNoiD, Nandana, NebulousIris, Gaboe420, Versusxo, Majesticalreaper22, Amorymeltzer, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, EBjune, HJiang-WMF, merbst, LawExplorer, Salgo60, WSH1906, Lewizho99, Maathavan, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, dpatrick, Luke081515, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, aude, Tobias1984, GWicke, Bawolff, Stype_and_Co.-WMF, Manybubbles, DerHexer, Jalexander, Parent5446, Anomie, Grunny, He7d3r, MaxSem, csteipp, Mbch331, Rxy, Jay8g, Legoktm, chasemp ___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T233213: XSS in Wikidata Query Service UI
gerritbot added a comment. Change 552293 had a related patch set uploaded (by Lucas Werkmeister (WMDE); owner: Lucas Werkmeister (WMDE)): [wikidata/query/gui@master] Add security task to Gruntfile https://gerrit.wikimedia.org/r/552293 TASK DETAIL https://phabricator.wikimedia.org/T233213 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Addshore, gerritbot Cc: Tarrow, hoo, Jakob_WMDE, Rosalie_WMDE, Pablo-WMDE, darthmon_wmde, WMDE-leszek, JBennett, Physikerwelt, Mathew.onipe, Reedy, johl, Lea_Lacroix_WMDE, Lydia_Pintscher, alaa_wmde, Addshore, sbassett, dcausse, Gehel, Aklapper, Lucas_Werkmeister_WMDE, Iflorez, JFishback_WMF, Dsharpe, DannyS712, Nandana, Amorymeltzer, Lahi, Gq86, GoranSMilovanovic, QZanden, EBjune, HJiang-WMF, merbst, LawExplorer, Salgo60, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, dpatrick, Luke081515, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, aude, Tobias1984, GWicke, Bawolff, Stype_and_Co.-WMF, Manybubbles, DerHexer, Jalexander, Parent5446, Anomie, Grunny, He7d3r, MaxSem, csteipp, Mbch331, Rxy, Jay8g, Legoktm, chasemp ___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
[Wikidata-bugs] [Maniphest] [Commented On] T233213: XSS in Wikidata Query Service UI
WMDE-leszek added a comment. Thanks @sbassett for opening the task and summarizing the status. WMDE is going to create the CVE soon (we're currently out at the conference, so that's why we've gotten to do it yet). TASK DETAIL https://phabricator.wikimedia.org/T233213 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: WMDE-leszek Cc: Tarrow, hoo, Jakob_WMDE, Rosalie_WMDE, Pablo-WMDE, darthmon_wmde, WMDE-leszek, JBennett, Physikerwelt, Mathew.onipe, Reedy, johl, Lea_Lacroix_WMDE, Lydia_Pintscher, alaa_wmde, Addshore, sbassett, dcausse, Gehel, Aklapper, Lucas_Werkmeister_WMDE, Iflorez, JFishback_WMF, Dsharpe, DannyS712, Nandana, Amorymeltzer, Lahi, Gq86, GoranSMilovanovic, QZanden, EBjune, HJiang-WMF, merbst, LawExplorer, Salgo60, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, dpatrick, Luke081515, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, aude, Tobias1984, GWicke, Bawolff, Stype_and_Co.-WMF, Manybubbles, DerHexer, Jalexander, Parent5446, Anomie, Grunny, He7d3r, MaxSem, csteipp, Mbch331, Rxy, Jay8g, Legoktm, chasemp ___ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
