Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc2c64d7 by Moritz Mühlenhoff at 2024-03-31T21:02:39+02:00
mediawiki DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
- mediawiki 1:1.39.7-1
+ [bookworm] - mediawiki 1:1.39.7-1~deb12u1
[bullseye] - mediawiki <not-affected> (Vulnerable code not present,
introduced in 1.38)
[buster] - mediawiki <not-affected> (Vulnerable code not present,
introduced in 1.38)
NOTE:
https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
@@ -7,6 +8,8 @@ CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015422
CVE-2024-XXXX [mediawiki: Denial of service vector via GET request to
Special:MovePage on pages with thousands of subpages]
- mediawiki 1:1.39.7-1
+ [bookworm] - mediawiki 1:1.39.7-1~deb12u1
+ [bookworm] - mediawiki 1:1.39.7-1~deb12u1
NOTE:
https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
NOTE: https://phabricator.wikimedia.org/T357760
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423
@@ -21987,7 +21990,7 @@ CVE-2023-51707 (MotionPro in Array ArrayOS AG before
9.4.0.505 on AG and vxAG al
NOT-FOR-US: MotionPro
CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x
through 1. ...)
- mediawiki 1:1.39.6-1
- [bookworm] - mediawiki <postponed> (Minor issue, fix along in next
update)
+ [bookworm] - mediawiki 1:1.39.7-1~deb12u1
[bullseye] - mediawiki <postponed> (Minor issue, fix along in next
update)
[buster] - mediawiki <postponed> (Minor issue, fix along in next update)
NOTE:
https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2024] DSA-5651-1 mediawiki - security update
+ [bullseye] - mediawiki 1:1.35.13-1+deb11u2
+ [bookworm] - mediawiki 1:1.39.7-1~deb12u1
[31 Mar 2024] DSA-5650-1 util-linux - security update
{CVE-2024-28085}
[bullseye] - util-linux 2.36.1-8+deb11u2
=====================================
data/dsa-needed.txt
=====================================
@@ -44,8 +44,6 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y and 6.1.y versions
--
-mediawiki (jmm)
---
nbconvert/oldstable
Guilhem Moulin proposed an update ready for review
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2c64d749a440a53d061a2e142fb133ff1dd8ed
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc2c64d749a440a53d061a2e142fb133ff1dd8ed
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
