[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 40720b12 by Moritz Muehlenhoff at 2023-12-22T09:27:30+01:00 new mediawiki issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,11 @@ CVE-2023-51708 (Bentley eB System Management Console applications within Assetwi CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows r ...) NOT-FOR-US: MotionPro CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...) - TODO: check + - mediawiki + [bookworm] - mediawiki (Minor issue, fix along in next update) + [bullseye] - mediawiki (Minor issue, fix along in next update) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ + NOTE: https://phabricator.wikimedia.org/T347726 CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHub Ente ...) TODO: check CVE-2023-51379 (An incorrect authorization vulnerability was identified in GitHub Ente ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40720b1261a9724204f90d71c404367e4f62dfdd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40720b1261a9724204f90d71c404367e4f62dfdd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
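Review bot: The [bookworm] and [bullseye] lines added under CVE-2023-51704 both say "Minor issue, fix along in next update" without saying what makes the issue minor, and the CVE description is truncated in this file, so the triage rationale can only be recovered by following the NOTE links. A few words on the impact in the parenthetical, or an extra NOTE line, would let someone revisiting the deferral judge it from the entry itself.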
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bce5ec31 by Moritz Muehlenhoff at 2023-09-26T11:28:52+02:00 new mediawiki issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -162,7 +162,10 @@ CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buff CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not restrict fun ...) NOT-FOR-US: WordPress plugin CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML files. The ...) - TODO: check + - mediawiki + [bookworm] - mediawiki (Wait until it lands in 1.39) + [bullseye] - mediawiki (Wait until it lands in 1.35) + NOTE: https://phabricator.wikimedia.org/T341565 CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...) NOT-FOR-US: WordPress plugin CVE-2023-3226 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce5ec31c0360420a8044fff4402985e4edaf0be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce5ec31c0360420a8044fff4402985e4edaf0be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
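Review bot: In the CVE-2023-3550 entry, the description names only "Mediawiki v1.40.0", while the added suite lines defer to 1.39 for bookworm and 1.35 for bullseye; the entry does not record whether those branches contain the affected code. Suggest a NOTE stating which branches are affected (or that this is still unverified), so that "Wait until it lands in ..." is not read as confirmation that the stable suites are vulnerable.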
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 88f42467 by Moritz Muehlenhoff at 2023-06-26T11:32:28+02:00 new mediawiki issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) - TODO: check + - mediawiki + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452 + NOTE: https://phabricator.wikimedia.org/T332889 CVE-2023-3 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) NOT-FOR-US: INEX IXP-Manager CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88f424675f120e347c46f209d45a3de679420a6a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88f424675f120e347c46f209d45a3de679420a6a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
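Review bot: The entry added for CVE-2023-36675 links the Gerrit change and the Phabricator task but has no per-suite lines, although the description lists releases before 1.35.11 as affected. If the stable suites have been assessed, adding the suite lines in this commit keeps the assessment next to the references; if not, a NOTE saying that triage for stable is pending would keep the entry from looking complete.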
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f81f60f9 by Moritz Muehlenhoff at 2022-12-25T19:50:14+01:00 new mediawiki issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -204,6 +204,10 @@ CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file upload NOT-FOR-US: MISP CVE-2022-47927 RESERVED + - mediawiki 1:1.39.1-1 + [bullseye] - mediawiki (Minor issue, fix along in next security update) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ + NOTE: https://phabricator.wikimedia.org/T322637 CVE-2022-47914 RESERVED CVE-2022-4680 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f81f60f927e0b7ae652594f1c540897eee39d720 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f81f60f927e0b7ae652594f1c540897eee39d720 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
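Review bot: CVE-2022-47927 is still RESERVED in the context line, so the added block is the only information the tracker holds about it, and it says nothing about what the issue is. Suggest one NOTE line summarising the flaw from the upstream announcement, so the "Minor issue" judgement on the [bullseye] line can be checked without leaving the file.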
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3b6c7fd1 by Moritz Muehlenhoff at 2022-03-30T10:36:44+02:00 new mediawiki issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,21 +19,24 @@ CVE-2022-28211 CVE-2022-28210 RESERVED CVE-2022-28209 (An issue was discovered in Mediawiki through 1.37.1. The check for the ...) - TODO: check + NOT-FOR-US: MediaWiki AntiSpoof extension CVE-2022-28208 RESERVED CVE-2022-28207 RESERVED CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidat ...) - TODO: check + NOT-FOR-US: MediaWiki FileImporter extension CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...) - TODO: check + NOT-FOR-US: MediaWiki CentralAuth extension CVE-2022-28204 RESERVED CVE-2022-28203 RESERVED CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before ...) - TODO: check + - mediawiki + [bullseye] - mediawiki (Fix along in next security release) + [buster] - mediawiki (Fix along in next security release) + NOTE: https://phabricator.wikimedia.org/T297543 CVE-2022-28201 RESERVED CVE-2022-28200 @@ -97,7 +100,7 @@ CVE-2022-28172 CVE-2022-28171 RESERVED CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...) - TODO: check + NOT-FOR-US: minewebcms CVE-2022-1162 RESERVED CVE-2022-1161 
@@ -263,7 +266,7 @@ CVE-2022-1124 CVE-2022-1123 RESERVED CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...) - TODO: check + NOT-FOR-US: Firebase PHP-JWT CVE-2020-36521 RESERVED CVE-2022-28128 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b6c7fd1697e5140a05994a419a5a4c0fbe8deb5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b6c7fd1697e5140a05994a419a5a4c0fbe8deb5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
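Review bot: In the first hunk (@@ -19,21 +19,24 @@), the [bullseye] and [buster] lines for CVE-2022-28202 postpone an issue the description calls XSS with "Fix along in next security release" and give no reason for the postponement. A short rationale in the parenthetical, such as the precondition that limits exposure, would make the deferral reviewable from the entry; the Phabricator NOTE alone does not carry Debian's assessment.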
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d6e43a06 by Moritz Muehlenhoff at 2021-06-24T16:27:58+02:00 new mediawiki issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -572,6 +572,11 @@ CVE-2021-35198 RESERVED CVE-2021-35197 RESERVED + - mediawiki + [bullseye] - mediawiki (Minor issue, wait until next 1.35.x release) + [buster] - mediawiki (Minor issue, wait until next 1.31.x release) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/ + NOTE: https://phabricator.wikimedia.org/T280226 CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...) TODO: check CVE-2021-35195 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6e43a06ddee23991e009f6d9942d936cfb91794 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6e43a06ddee23991e009f6d9942d936cfb91794 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
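Review bot: The [bullseye] and [buster] lines added under CVE-2021-35197 tie the fix to "next 1.35.x release" and "next 1.31.x release" without naming the upstream version that will carry it, and the CVE is RESERVED, so there is no description to fall back on. Once upstream announces the fixed point releases, recording them in a NOTE would give whoever picks this up a concrete condition for closing the deferral.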
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 393a649c by Moritz Muehlenhoff at 2019-12-12T11:19:05Z new mediawiki issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40,7 +40,7 @@ CVE-2019-19731 CVE-2019-19730 RESERVED CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...) - TODO: check + NOT-FOR-US: bsjon-objectid node module CVE-2019-19728 RESERVED CVE-2019-19727 @@ -1286,7 +1286,9 @@ CVE-2019-19711 CVE-2019-19710 RESERVED CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...) - TODO: check + - mediawiki + NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 + NOTE: https://phabricator.wikimedia.org/T239466 CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...) NOT-FOR-US: VisualEditor MediaWiki extension CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...) @@ -36818,7 +36820,7 @@ CVE-2019-9466 CVE-2019-9465 RESERVED CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...) - TODO: check + NOT-FOR-US: Android CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...) NOT-FOR-US: Android CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...) 
@@ -48074,11 +48076,11 @@ CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flatt NOTE: https://github.com/j-jorge/xcftools/issues/12 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878 CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...) - TODO: check + NOT-FOR-US: LEADTOOLS CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...) NOT-FOR-US: LEADTOOLS CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2019-5082 RESERVED CVE-2019-5081 @@ -48092,7 +48094,7 @@ CVE-2019-5078 CVE-2019-5077 RESERVED CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) - TODO: check + NOT-FOR-US: Accusoft ImageGear CVE-2019-5075 RESERVED CVE-2019-5074 
@@ -50365,19 +50367,19 @@ CVE-2019-3991 CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...) NOT-FOR-US: Harbor CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3984 RESERVED CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...) - TODO: check + NOT-FOR-US: Blink XT2 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...) NOT-FOR-US: Nessus CVE-2019-3981 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/393a649ccea17e2b610939f4e746a56df825e66d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/393a649ccea17e2b610939f4e746a56df825e66d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
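Review bot: In the first hunk (@@ -40,7 +40,7 @@), the new line reads "NOT-FOR-US: bsjon-objectid node module", but the CVE-2019-19729 description directly above it spells the package "bson-objectid". Please correct the spelling so that a search of the list for the package name finds this entry.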
[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 41f8d53e by Moritz Muehlenhoff at 2019-09-27T09:23:16Z new mediawiki issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -468,7 +468,8 @@ CVE-2019-16740 CVE-2019-16739 RESERVED CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...) - TODO: check + - mediawiki + NOTE: https://phabricator.wikimedia.org/T230402 CVE-2019-16737 RESERVED CVE-2019-16736 @@ -2748,7 +2749,7 @@ CVE-2019-15894 CVE-2019-15893 RESERVED CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...) - TODO: check + NOT-FOR-US: CKFinder CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...) {DLA-1927-1} - slirp4netns 0.4.1-1 (bug #939868) @@ -2828,7 +2829,7 @@ CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6 NOTE: https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973 NOTE: https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper checks o ...) - TODO: check + NOT-FOR-US: CKFinder CVE-2019-15861 RESERVED CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...) @@ -13373,7 +13374,7 @@ CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view CVE-2019-12563 RESERVED CVE-2019-12562 (Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) be ...) - TODO: check + NOT-FOR-US: DNN CVE-2019-12561 RESERVED CVE-2019-12560 
@@ -16949,9 +16950,9 @@ CVE-2019-11281 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...) NOT-FOR-US: Pivotal CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be directly q ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...) NOT-FOR-US: Cloud Foundry CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/41f8d53e38f4b26bdd909eff4a6f8f704475f753 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/41f8d53e38f4b26bdd909eff4a6f8f704475f753 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
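Review bot: In the first hunk (@@ -468,7 +468,8 @@), the CVE-2019-16738 entry references only the Phabricator task, which does not by itself identify the change to backport. Suggest adding the upstream change reference as a second NOTE once it is available, so the entry points at the patch as well as the report.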