Page MenuHomePhabricator
Create Task
Maniphest T233495

Tracking bug for MediaWiki 1.31.6/1.32.6/1.33.2/1.34.0 security release
Closed, ResolvedPublic
Actions

Description

Previous work T225152: Tracking bug for MediaWiki 1.31.4/1.32.4/1.33.1 security release

Tracking bug for next security release

Maniphest IDCVE IDREL1_31REL1_32REL1_33REL1_34master
T239466: Possible to circumvent title-blacklist (CVE-2019-19709)CVE-2019-19709https://gerrit.wikimedia.org/r/c/556287https://gerrit.wikimedia.org/r/c/mediawiki/core/+/556286https://gerrit.wikimedia.org/r/c/mediawiki/core/+/556284https://gerrit.wikimedia.org/r/c/mediawiki/core/+/554900https://gerrit.wikimedia.org/r/c/mediawiki/core/+/554084
T192134: Personal and site-wide CSS and JavaScript is loaded on Special:PasswordResethardening, no CVEhttps://gerrit.wikimedia.org/r/c/556077https://gerrit.wikimedia.org/r/c/556076https://gerrit.wikimedia.org/r/c/556075https://gerrit.wikimedia.org/r/c/556074https://gerrit.wikimedia.org/r/c/556073
T212067: wfParseUrl() incorrectly parses hostnames in older PHP versions and HHVM due to bug in parse_url() (CVE-2016-10397 [PHP])upstream with PHPhttps://gerrit.wikimedia.org/r/c/557090/https://gerrit.wikimedia.org/r/c/557062/

Related Objects
Search...

Event Timeline

Reedy created this task.Sep 21 2019, 9:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 21 2019, 9:22 PM
Reedy added a project: MediaWiki-Releasing.Sep 21 2019, 9:24 PM
Reedy added a subtask: T232932: User content can redirect the logout button to different URL (CVE-2020-10959).Oct 7 2019, 6:49 PM
Reedy renamed this task from Tracking bug for MediaWiki 1.31.5/1.32.5/1.33.2 security release to Tracking bug for MediaWiki 1.31.6/1.32.6/1.33.2 security release.Oct 12 2019, 12:01 AM
Reedy updated the task description. (Show Details)Oct 12 2019, 12:10 AM
sbassett mentioned this in T234450: Special:Contributions requests with a high &limit= caused excessive database load.Oct 22 2019, 2:44 PM
Reedy triaged this task as Medium priority.Nov 1 2019, 11:34 AM
Reedy added a subtask: T212067: wfParseUrl() incorrectly parses hostnames in older PHP versions and HHVM due to bug in parse_url() (CVE-2016-10397 [PHP]).Dec 10 2019, 10:47 PM
Reedy mentioned this in T240393: Tracking bug for MediaWiki 1.31.7/1.33.3/1.34.1.Dec 10 2019, 10:53 PM
Reedy removed a subtask: T232932: User content can redirect the logout button to different URL (CVE-2020-10959).Dec 10 2019, 11:03 PM
Reedy added a subtask: T239466: Possible to circumvent title-blacklist (CVE-2019-19709).Dec 12 2019, 12:07 PM
Reedy added a subtask: T192134: Personal and site-wide CSS and JavaScript is loaded on Special:PasswordReset.
Reedy updated the task description. (Show Details)
Reedy renamed this task from Tracking bug for MediaWiki 1.31.6/1.32.6/1.33.2 security release to Tracking bug for MediaWiki 1.31.6/1.32.6/1.33.2/1.34.0 security release.Dec 12 2019, 12:10 PM
sbassett mentioned this in T239466: Possible to circumvent title-blacklist (CVE-2019-19709).Dec 12 2019, 5:36 PM
Legoktm updated the task description. (Show Details)Dec 12 2019, 7:12 PM
Reedy updated the task description. (Show Details)Dec 17 2019, 9:45 PM
Reedy updated the task description. (Show Details)Dec 17 2019, 9:49 PM
Reedy mentioned this in T233501: Obtain CVEs for 1.31.6/1.32.6/1.33.2 security releases.Dec 17 2019, 9:56 PM
Reedy updated the task description. (Show Details)Dec 17 2019, 10:37 PM
Reedy closed this task as Resolved.Dec 19 2019, 2:17 PM
Reedy claimed this task.
Reedy closed subtask T212067: wfParseUrl() incorrectly parses hostnames in older PHP versions and HHVM due to bug in parse_url() (CVE-2016-10397 [PHP]) as Resolved.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".
chasemp added a project: Security.Feb 10 2020, 10:56 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL