This update has been submitted for testing by mooninite.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Thx for the update @mooninite,
can you comment on those CVEs? AFAIK 1.36.3 fixes
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_36/RELEASE-NOTES-1.36
For the vulns listed under 'bugs' for this update there are some patches available, but I'm not sure if they made it to 1.36.3 in time:
https://phabricator.wikimedia.org/T292226
Can you clarify which set of vulns is fixed with this update?
Thanks, cheers
@bynt, the bug report CVEs are for MediaWiki extensions that are not shipped as part of our package.
Example: CVE-2021-45474 is against the 'FileImporter' extension.
CVE-2021-45472 and CVE-2021-45473 are against the 'Wikibase' extension.
CVE-2021-45471 is against the 'EntitySchema' extension.
OK, thanks for clarifying. We process Fedora's Security Updates primarily based on CVEs listed under 'Bugs', so that info helps. Plus I understand the Wikimedia phabricator listing better now. tyvm!
This update has been submitted for stable by bodhi.
This update has been pushed to stable.