diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-04 11:58:36 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-04 11:58:36 +0200 |
commit | fa85bb5833b38a54e7439e795a3bef384b292ed3 (patch) | |
tree | 6d47206bd1085a0697d3bd69d91a3c5cef09089e | |
parent | a69f26b803c3660d4316ca7e0bfbf522819f2e80 (diff) |
mediawiki fixed, add additional references
-rw-r--r-- | data/CVE/list | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index f583e469cd..1f243f6888 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -21,17 +21,19 @@ CVE-2022-34914 CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Mar ...) TODO: check CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...) - - mediawiki <unfixed> + - mediawiki 1:1.35.7-1 [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://phabricator.wikimedia.org/T308473 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/ + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/ CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x ...) - - mediawiki <unfixed> + - mediawiki 1:1.35.7-1 [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://phabricator.wikimedia.org/T308471 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/ CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...) NOT-FOR-US: Trilium Notes CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...) @@ -10032,10 +10034,16 @@ CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platf NOT-FOR-US: Pimcore CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...) - guzzle <unfixed> + - mediawiki 1:1.35.7-1 + [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) + [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699 NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5) CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...) - guzzle <unfixed> + - mediawiki 1:1.35.7-1 + [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) + [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5) CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...) @@ -10156,10 +10164,16 @@ CVE-2022-31044 (Rundeck is an open source automation service with a web console, NOT-FOR-US: Rundesk CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...) - guzzle 7.4.4-1 (bug #1012821) + - mediawiki 1:1.35.7-1 + [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) + [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4) CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...) - guzzle 7.4.4-1 (bug #1012821) + - mediawiki 1:1.35.7-1 + [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) + [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9 NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4) CVE-2022-31041 (Open Forms is an application for creating and publishing smart forms. ...) @@ -15583,7 +15597,13 @@ CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. NOT-FOR-US: JavaEZLib/JavaEZ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...) - guzzle 7.4.4-1 (bug #1011636) + - mediawiki 1:1.35.7-1 + [bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release) + [buster] - mediawiki <postponed> (Minor issue, fix along with next security release) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3 + NOTE: https://phabricator.wikimedia.org/T308473 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/ + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/ CVE-2022-29247 (Electron is a framework for writing cross-platform desktop application ...) - electron <itp> (bug #842420) CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) |