Page MenuHomePhabricator

Tracking bug for MediaWiki 1.31.13/1.35.2
Closed, ResolvedPublic

Description

Previous work: T263803: Tracking bug for MediaWiki 1.31.11/1.35.1

Tracking bug for next security release, 1.31.13/1.35.2

Maniphest IDCVE IDREL1_31REL1_35master
T270453CVE-2021-30153(not in tarball)
T270713CVE-2021-30152
T270988CVE-2021-30155
T272386CVE-2021-30159
T276843CVE-2021-20270, CVE-2021-27291mergedmerged
T277009CVE-2021-30158mergedmergedmerged
T278058CVE-2021-30157mergedmergedmerged
T278014CVE-2021-30154mergedmergedmerged
T279451CVE-2021-30458n/a

Notes:

  1. T274883 never made it into a release, but I figured we'd track it here just in case. There's also a "better" patch that will be pushed through gerrit, as a replacement to the initial production security patch.
  2. T277009 went through gerrit as a low-risk, security-related bug.

Details

Due Date
Thu, Apr 8, 10:30 PM

Related Objects

Event Timeline

sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)
sbassett triaged this task as Medium priority.Mar 10 2021, 8:15 PM
sbassett updated the task description. (Show Details)
Reedy updated the task description. (Show Details)
Reedy set Due Date to Thu, Apr 8, 10:30 PM.Mar 31 2021, 6:26 PM
Reedy updated the task description. (Show Details)
Legoktm updated the task description. (Show Details)
Reedy claimed this task.
Reedy changed the visibility from "acl*security (Project)" to "Public (No Login Required)".
Reedy changed the edit policy from "acl*security (Project)" to "All Users".