Summary: | <www-apps/mediawiki-1.34.1: Multiple vulnerabilities (CVE-2020-{10959,10960}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | robbat2, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
=www-apps/mediawiki-1.34.1 amd64 ppc x86
|
Runtime testing required: | --- |
Description
Sam James
2020-04-09 04:24:15 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself. Thanks! amd64 stable ppc stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3aab280b1d8d344e9067c17352eab7c2bad5cdca commit 3aab280b1d8d344e9067c17352eab7c2bad5cdca Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-04-12 04:37:49 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-04-12 04:37:49 +0000 www-apps/mediawiki: removed old vulnerable 1.34.0 Bug: https://bugs.gentoo.org/716752 Package-Manager: Portage-2.3.98, Repoman-2.3.22 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-apps/mediawiki/Manifest | 1 - www-apps/mediawiki/mediawiki-1.34.0.ebuild | 79 ------------------------------ 2 files changed, 80 deletions(-) Resetting sanity check; package list is empty or all packages are done. I think we can classify these as XSS, so noglsa. @robbat2, can you verify wiki.*'s fork isn't vulnerable to these? |