[Git][security-tracker-team/security-tracker][master] Add initial tracking for four CVEs for mediawiki

Fri, 24 Dec 2021 01:31:54 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c865fcd by Salvatore Bonaccorso at 2021-12-24T10:31:15+01:00
Add initial tracking for four CVEs for mediawiki

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,24 @@
 CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka 
FileImporte ...)
-       TODO: check
+       - mediawiki <unfixed>
+       NOTE: 
https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
+       NOTE: https://phabricator.wikimedia.org/T296605
+       TODO: check, fixing versions
 CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow 
XSS, which ...)
-       TODO: check
+       - mediawiki <unfixed>
+       NOTE: 
https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
+       NOTE: https://phabricator.wikimedia.org/T294693
+       TODO: check, fixing versions
 CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because 
an extern ...)
-       TODO: check
+       - mediawiki <unfixed>
+       NOTE: 
https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
+       NOTE: https://phabricator.wikimedia.org/T297570
+       TODO: check, fixing versions
 CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to 
edit En ...)
-       TODO: check
+       - mediawiki <unfixed>
+       NOTE: 
https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
+       NOTE: 
https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
+       NOTE: https://phabricator.wikimedia.org/T296578
+       TODO: check, fixing versions
 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular 
express ...)
        NOT-FOR-US: cve-search
 CVE-2021-4161



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c865fcdcc8b8e43927739586e37f052c75fcc78

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c865fcdcc8b8e43927739586e37f052c75fcc78
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to