Previous work: T292236: Write and send supplementary release announcement for extensions and skins with security patches (1.35.5/1.36.3/1.37.1)
Maniphest ID | Extension or Skin | CVE ID | REL1_35 | REL1_36 | REL1_37 | master |
---|---|---|---|---|---|---|
T285116 | Echo | CVE-2022-28324 | N/A | N/A | Yes | Yes |
T298019 | GrowthExperiments | CVE-2022-28326 | N/A | N/A | N/A | Yes |
T298581 | MobileFrontend | CVE-2022-28325 | Yes | No | Yes | Yes |
T298434 | SecurePoll | CVE-2022-28323 | N/A | Yes | Yes | Yes |
T294256 | FileImporter | CVE-2022-28206 | N/A | N/A | N/A | Yes |
T298312 | GrowthExperiments | CVE-2022-28207 | Yes | Yes | Yes | Yes |
T302248 | CentralAuth | CVE-2022-28205 | N/A | N/A | N/A | Yes, Yes |
T302215 | Wikibase | CVE-2022-28208 | Yes | Yes | Yes | Yes |
T302192 | JsonConfig | CVE-2021-28210 | Yes | Yes | Yes | Yes |
T160800 | TimedMediaHandler | CVE-2022-28211 | Yes | Yes | Yes | Yes |
T304126 | AntiSpoof | CVE-2022-28209 | N/A | Yes | Yes | Yes |
T304354 | FlaggedRevs | CVE-2022-28212 | N/A | N/A | Yes | Yes |
T226212 | CentralAuth | CVE-2022-28322 | N/A | N/A | Yes | Yes |
template
n.b. For the Echo bug, there is an updated patch here: T285116#7585701
n.b. Two patches for the JsonConfig issue, should be squashed
n.b. Two patches for the CentralAuth issue
possibly include: T302199: QuizGame: Administrative API module lets unauthenticated requests through