Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c865fcd by Salvatore Bonaccorso at 2021-12-24T10:31:15+01:00
Add initial tracking for four CVEs for mediawiki

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,24 @@ CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...) - TODO: check + - mediawiki <unfixed> + NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e + NOTE: https://phabricator.wikimedia.org/T296605 + TODO: check, fixing versions CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...) - TODO: check + - mediawiki <unfixed> + NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d + NOTE: https://phabricator.wikimedia.org/T294693 + TODO: check, fixing versions CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...) - TODO: check + - mediawiki <unfixed> + NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd + NOTE: https://phabricator.wikimedia.org/T297570 + TODO: check, fixing versions CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...) - TODO: check + - mediawiki <unfixed> + NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9 + NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c + NOTE: https://phabricator.wikimedia.org/T296578 + TODO: check, fixing versions CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...) NOT-FOR-US: cve-search CVE-2021-4161

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c865fcdcc8b8e43927739586e37f052c75fcc78
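
Review bot: The new entries for CVE-2021-45473 and CVE-2021-45472 are filed as "- mediawiki <unfixed>", but both descriptions name Wikibase as the affected component, so it should be confirmed that the Debian mediawiki source package actually ships that code before it is tracked as affected; if it does not, a <not-affected> entry with a NOTE explaining why would be more accurate than <unfixed>. The same check applies to CVE-2021-45474, whose description points at the Special:ImportFile URI. All four entries still carry "TODO: check, fixing versions", so each <unfixed> should be replaced with a fixed version once the Gerrit changes referenced in the NOTE lines have been matched to a release. For CVE-2021-45471, which lists two Gerrit changes, a short NOTE saying what each change covers would help whoever resolves that TODO.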