Page MenuHomePhabricator
Create Task
Maniphest T335203

CVE-2023-29197: Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5
Closed, ResolvedPublicSecurity
Actions

Description

https://nvd.nist.gov/vuln/detail/CVE-2023-29197

1.35 needs 1.9.1

The rest need 2.4.5

Details

Author Affiliation
WMF Technology Dept
SubjectRepoBranchLines +/-
Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)mediawiki/vendorREL1_40+66 -46
Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)mediawiki/vendorREL1_39+127 -57
Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)mediawiki/vendorREL1_38+123 -53
Upgrading guzzlehttp/psr7 (1.9.0 => 1.9.1)mediawiki/vendorREL1_35+32 -42
Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)mediawiki/vendormaster+62 -42
Customize query in gerrit

Related Objects
Search...

Event Timeline

Reedy created this task.Apr 21 2023, 7:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 21 2023, 7:17 PM
Reedy renamed this task from CVE-2023-29197: Upgrade guzzlehttp/psr7 to >= 2.4.5 to CVE-2023-29197: Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.Apr 21 2023, 7:18 PM
Reedy edited projects, added SecTeam-Processed, MediaWiki-Vendor; removed Security-Team.
Reedy added projects: MW-1.35-release, MW-1.38-release, MW-1.39-release, MW-1.40-release.
Reedy updated the task description. (Show Details)
Reedy added a subscriber: GerritBot.
Reedy triaged this task as Low priority.Apr 21 2023, 7:20 PM
gerritbot added a comment.Apr 21 2023, 7:49 PM

Change 910790 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@master] Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)

https://gerrit.wikimedia.org/r/910790

gerritbot added a project: Patch-For-Review.Apr 21 2023, 7:49 PM
gerritbot added a comment.Apr 21 2023, 7:51 PM

Change 910791 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_40] Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)

https://gerrit.wikimedia.org/r/910791

gerritbot added a comment.Apr 21 2023, 7:53 PM

Change 910793 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_39] Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)

https://gerrit.wikimedia.org/r/910793

gerritbot added a comment.Apr 21 2023, 7:54 PM

Change 910794 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_38] Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)

https://gerrit.wikimedia.org/r/910794

gerritbot added a comment.Apr 21 2023, 7:56 PM

Change 910795 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_35] Upgrading guzzlehttp/psr7 (1.9.0 => 1.9.1)

https://gerrit.wikimedia.org/r/910795

Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".Apr 21 2023, 7:58 PM
Reedy changed the edit policy from "Custom Policy" to "All Users".
gerritbot added a comment.Apr 21 2023, 8:22 PM

Change 910790 merged by jenkins-bot:

[mediawiki/vendor@master] Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)

https://gerrit.wikimedia.org/r/910790

Peachey88 edited subscribers, added: gerritbot; removed: GerritBot.Apr 22 2023, 3:07 AM
gerritbot added a comment.Apr 22 2023, 7:32 AM

Change 910795 merged by Umherirrender:

[mediawiki/vendor@REL1_35] Upgrading guzzlehttp/psr7 (1.9.0 => 1.9.1)

https://gerrit.wikimedia.org/r/910795

gerritbot added a comment.Apr 22 2023, 7:34 AM

Change 910794 merged by Umherirrender:

[mediawiki/vendor@REL1_38] Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)

https://gerrit.wikimedia.org/r/910794

gerritbot added a comment.Apr 22 2023, 7:34 AM

Change 910793 merged by Umherirrender:

[mediawiki/vendor@REL1_39] Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5)

https://gerrit.wikimedia.org/r/910793

gerritbot added a comment.Apr 22 2023, 7:34 AM

Change 910791 merged by Umherirrender:

[mediawiki/vendor@REL1_40] Upgrading guzzlehttp/psr7 (2.4.3 => 2.4.5)

https://gerrit.wikimedia.org/r/910791

Maintenance_bot removed a project: Patch-For-Review.Apr 22 2023, 8:11 AM
Reedy closed this task as Resolved.Apr 23 2023, 5:22 PM
Reedy claimed this task.
Reedy added a parent task: T333617: Tracking bug for MediaWiki 1.35.11/1.38.7/1.39.4/1.40.0.
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.9; 2023-05-15).May 15 2023, 6:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL