Page MenuHomePhabricator
Create Task
Maniphest T297831

Obtain CVEs for 1.35.6/1.36.4/1.37.2 security releases
Closed, ResolvedPublic
Actions

Related Objects
Search...

Event Timeline

Reedy added projects: Security, MediaWiki-Releasing.Dec 15 2021, 8:53 PM
Reedy added a subscriber: Reedy.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 15 2021, 8:53 PM
Reedy added a parent task: T297829: Release MediaWiki 1.35.6/1.36.4/1.37.2.Dec 15 2021, 8:53 PM
Reedy renamed this task from Obtain CVEs for 1.35.5/1.36.3/1.37.1 security releases to Obtain CVEs for 1.35.6/1.36.4/1.37.2 security releases.Dec 15 2021, 9:12 PM
Reedy changed the task status from Open to In Progress.Mar 28 2022, 1:52 PM

CVEs requested for T297731: CVE-2022-28203: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down , T297571: CVE-2022-28201: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki, T297754: CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector, T297543: CVE-2022-28202: Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.

Reedy closed this task as Resolved.Mar 31 2022, 10:27 PM
Reedy claimed this task.
Reedy triaged this task as Medium priority.
Reedy changed the visibility from "acl*security (Project)" to "Public (No Login Required)".
Reedy changed the edit policy from "acl*security (Project)" to "All Users".
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL