Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 887ed1a4 by Markus Koschany at 2023-07-10T22:35:50+02:00 CVE-2023-36674,mediawiki: Buster is not affected. The BadFileLookup mechanism was introduced in version 1.35. - - - - - b6e8b952 by Markus Koschany at 2023-07-10T22:35:51+02:00 Reserve DLA-3489-1 for mediawiki - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -808,6 +808,7 @@ CVE-2023-34211 CVE-2023-36674 [Manualthumb bypasses badFile lookup] {DSA-5447-1} - mediawiki 1:1.39.4-1 + [buster] - mediawiki <not-affected> (BadFileLookup was introduced in version 1.35) NOTE: https://phabricator.wikimedia.org/T335612 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/ CVE-2023-37252 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[10 Jul 2023] DLA-3489-1 mediawiki - security update + {CVE-2022-47927} + [buster] - mediawiki 1:1.31.16-1+deb10u5 [10 Jul 2023] DLA-3488-1 node-tough-cookie - security update {CVE-2023-26136} [buster] - node-tough-cookie 2.3.4+dfsg-1+deb10u1 ===================================== data/dla-needed.txt ===================================== 
@@ -101,9 +101,6 @@ libreoffice (Abhijith PA) linux (Ben Hutchings) NOTE: 20230111: perma-added for LTS package-specific delegation (bwh) -- -mediawiki (Markus Koschany) - NOTE: 20230701: Added by Front-Desk (ta) --- nova NOTE: 20230302: Re-add, request by maintainer (Beuc) NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e1583d0643f3ebbf801b08aaaced4e546df8425...b6e8b95224386b1ea0fa2398a74b4f7bd01d8340 You're receiving this email because of your account on salsa.debian.org.
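Review bot: In data/CVE/list, the new "[buster] - mediawiki <not-affected>" line for CVE-2023-36674 rests only on the version in which BadFileLookup was introduced. The issue is titled as a thumbnail path bypassing the bad-file lookup, and buster ships the 1.31 series (1:1.31.16-1+deb10u5 in the DLA entry), so a NOTE stating whether that series has any earlier form of the check on the same code path would let the not-affected status be verified later without rereading the upstream change.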
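Review bot: In data/dla-needed.txt, the mediawiki entry is removed although the DLA-3489-1 entry added in data/DLA/list lists only CVE-2022-47927. If any other mediawiki issue is still open for buster, keep the entry and update its NOTE instead of dropping it; if none is, the removal matches the reservation and the not-affected marking for CVE-2023-36674 made in the same push.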
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits