1.38.3 security releases
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Reedy
	Jun 30 2022, 9:02 PM

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		Reedy	T311775 Release MediaWiki 1.35.8/1.37.5/1.38.3
		Resolved		Reedy	T311777 Obtain CVEs for 1.35.8/1.37.5/1.38.3 security releases

Event Timeline

Reedy added projects: Security, MediaWiki-Releasing.Jun 30 2022, 9:02 PM

Reedy subscribed.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 30 2022, 9:02 PM

Reedy added a parent task: T311775: Release MediaWiki 1.35.8/1.37.5/1.38.3.Jun 30 2022, 9:02 PM

Reedy renamed this task from Obtain CVEs for 1.35.8/1.37.4/1.38.3 security releases to Obtain CVEs for 1.35.8/1.37.5/1.38.3 security releases.Jul 8 2022, 5:01 PM

T309894: CVE-2022-41765: HTMLUserTextField exposes existence of hidden users and T307278: CVE-2022-41766: On action=rollback the message "alreadyrolled" can leak revision deleted user name need a CVE.

Can't decide if we should get a CVE for T316304: CVE-2022-41767: reassignEdits doesn't update results in an IP range check on Special:Contributions..

Submitted!

Reedy closed this task as Resolved.Sep 29 2022, 9:15 PM

Reedy claimed this task.

Reedy changed the visibility from "acl*security (Project)" to "Public (No Login Required)".

Reedy changed the edit policy from "acl*security (Project)" to "All Users".

Obtain CVEs for 1.35.8/1.37.5/1.38.3 security releasesClosed, ResolvedPublicActions

Related ObjectsSearch...

Event Timeline

Obtain CVEs for 1.35.8/1.37.5/1.38.3 security releases
Closed, ResolvedPublic
Actions

Related Objects
Search...