Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9057ad25 by Moritz Muehlenhoff at 2021-04-09T15:09:42+02:00
mediawiki fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,8 @@ CVE-2021-30460
CVE-2021-30459
RESERVED
CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and
0.12.x ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T279451
CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26
for Rus ...)
NOT-FOR-US: Rust crate id-map
CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26
for Rus ...)
@@ -722,27 +723,37 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before
4.0.6 mishandles markup dat
CVE-2021-30160
RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T272386
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T277009
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278058
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T276306
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270988
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x
through ...)
- - mediawiki <unfixed>
+ - mediawiki 1:1.35.2-1
NOTE: https://phabricator.wikimedia.org/T278014
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
CVE-2021-30153
RESERVED
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270453
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x
through ...)
- TODO: check
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270713
+ NOTE:
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the
queue n ...)
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/issues/4852
@@ -7190,6 +7201,7 @@ CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in
0.7.24, uses a regular expre
CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
programming ...)
{DSA-4878-1 DLA-2600-1}
- pygments <unfixed> (bug #985574)
+ - mediawiki 1:1.35.2-1
NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
NOTE:
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a
regular expre ...)
@@ -24618,6 +24630,7 @@ CVE-2021-20271 (A flaw was found in RPM's signature
check functionality when rea
CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3
may lea ...)
{DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
+ - mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
NOTE:
https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
CVE-2021-20269 [incorrect permissions on kdump dmesg file]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9057ad2505dc7a6693e8fff4cd6b09a84c2c3d24
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
