Previous work: {T140591}
Just a tracking bug for tasks that should be in the next security release.
Although 1.30 hasn't been released yet, security patches will need backporting for that too, though, hopefully, they shouldn't be too far away from the ones for HEAD of master...
| Maniphest ID | CVE ID | REL1_27 | REL1_28 | REL1_29 | REL1_30 | master
| ---- | ---- | ---- | ---- | ---- | ----| ---
| T178451 | CVE-2017-8808| {F10578667} | {F10721842} | {F10721843} | {F10577981} | {F10574834}
| T165846 | | {F10578671} | {F10722306} | {F10722305} | {F10578672} | {F10578670}
| T128209 | CVE-2017-8809| {F10701041} |{F10701044} |{F10701045} |{F10701046} | {F10701048}
| T134100 | CVE-2017-8810| {F10774727}|{F10774735} |{F10774739} |{F10774748} |{F10774756} |
| T176247 | CVE-2017-8811| {F10767766}| {F10767767}| {F10720791} | {F10720789} | {F10720787} |
| T125163 | | {F10767948} | {F10767949} | {F10767950} | [[https://gerrit.wikimedia.org/r/#/c/362326/ | gerrit 362326]] | [[https://gerrit.wikimedia.org/r/#/c/362326/ | gerrit 362326]]
| T180231/T180237 | CVE-2017-9841| {F10721718}{F10722332} | {F10721717}{F10722328} | {F10721475}{F10722330} | {F10721473}{F10722331} |{F10721474}{F10722329} |
| T124404 | |{F4307614} | {F10768484}| {F10768482}| {F10768477}| {F10768474}|
| T119158 | |{F10769778} |{F10769779} |{F10769782} | {F10769787}| {F10769788}|
**Vendor**
Should trivially cherry pick onto all branches
{F10721380}