[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: CVE-2020-15005/mediawiki will be fixed

Tue, 22 Dec 2020 17:30:20 -0800 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82a98030 by Roberto C. Sánchez at 2020-12-22T20:11:54-05:00
LTS: CVE-2020-15005/mediawiki will be fixed

- - - - -
ffc529a3 by Roberto C. Sánchez at 2020-12-22T20:29:56-05:00
Reserve DLA-2504-1 for mediawiki

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41021,7 +41021,6 @@ CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via 
JavaScript code in an SVG do
 CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, 
and 1.34. ...)
        {DSA-4767-1}
        - mediawiki 1:1.31.8-1
-       [stretch] - mediawiki <postponed> (Minor issue)
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
 CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= 
XSS. ...)
        NOT-FOR-US: Open-Xchange App Suite


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Dec 2020] DLA-2504-1 mediawiki - security update
+       {CVE-2020-15005 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480}
+       [stretch] - mediawiki 1:1.27.7-1~deb9u7
 [22 Dec 2020] DLA-2412-2 openjdk-8 - regression update
        [stretch] - openjdk-8 8u275-b01-1~deb9u1
 [21 Dec 2020] DLA-2503-1 node-ini - security update


=====================================
data/dla-needed.txt
=====================================
@@ -91,8 +91,6 @@ mariadb-10.1 (Adrian Bunk)
   NOTE: 20201207: still ongoing (bunk)
   NOTE: 20201220: debugging test failure in local build (bunk)
 --
-mediawiki (Roberto C. Sánchez)
---
 mumble
   NOTE: 20200325: Regression in last upload, forgot to follow up.
   NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45060b59935ed05698d9d6ab7bb2bfe4e014be4c...ffc529a3709ee9860c8640dc796bbfff4f9029c1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/45060b59935ed05698d9d6ab7bb2bfe4e014be4c...ffc529a3709ee9860c8640dc796bbfff4f9029c1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to