Wikimedia Security Team/Thanks

Special thanks to the people who have helped improve the security of MediaWiki, and other software supporting the Wikimedia projects!

Note: This only covers MediaWiki core and bundled extensions. While we deeply appreciate people reporting issues against other extensions, they are not covered by this page.

Todo: Where do we thank people for reporting non-MediaWiki things like parsoid vulns, or varnish config vulns?

CVE	Ticket	Reporter
MediaWiki 1.29.2, 1.28.3 and 1.27.4 (November 2017)
CVE-2017-8809	T128209	Abdullah Hussam
none	T165846	Anomie
CVE-2017-8810	T134100	Bartosz Dziewoński ("Matma Rex")
CVE-2017-8808	T178451	Bawolff
CVE-2017-8811	T176247	Bastenbas
CVE-2017-8812	T125163	Bawolff
CVE-2017-8814	T124404	Bawolff
CVE-2017-8815	T119158	Bawolff
CVE-2017-0361	T180488	Anomie
CVE-2017-9841	T180231	Tom Hutchison
MediaWiki 1.28.1, 1.27.2 and 1.23.16 (April 2017)
CVE-2017-0363	T109140	Merlijn van Deen (aka "Valhallasw")
CVE-2017-0364	T122209	Bawolff
CVE-2017-0365	T144845	Bawolff
CVE-2017-0361	T125177	Tgr
CVE-2017-0362	T150044	Legoktm
CVE-2017-0368	T156184	Bawolff
CVE-2017-0366	T151735	Cassiogomes11
CVE-2017-0370	T48143	MZMcBride
CVE-2017-0369	T108138	Luke081515
CVE-2017-0367	T161453	Bawolff
CVE-2017-0372	T158689	Yorick Koster (Securify)
MediaWiki 1.27.1, 1.26.4, 1.23.15 (August 2016)
CVE-2016-6335	T139565, T139570	This, Schnark
CVE-2016-6334	T137264	Bawolff, Legoktm
CVE-2016-6333	T133147	Bawolff
CVE-2016-6336	T132926	Bawolff
CVE-2016-6332	T129738	Multichill
CVE-2016-6331	T115333	Church of emacs
none	T57548	PleaseStand
CVE-2016-6337	T139670	Anomie
MediaWiki 1.26.3, 1.25.6 and 1.23.14 (May 2016)
none	T122056	Unicornisaurous
none	T127114	Bawolff
none	T123653	MaxSem
none	T123071	Bawolff
none	T129506	eranroz
none	T125283	Matiia, Matanya
none	T103239	Fomafix
none	T122807	User:CSteipp (WMF) (Based on by Paragon Initiative Enterprises Security Team)
none	T130947	MaxSem
none	T133507	Ori Livneh
none	T110143	Bawolff
none	T132874	Anomie
none	T127420	PleaseStand
none	T126685	CSteipp
none	T116030	CSteipp
MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 (Dec 2015)
CVE-2015-8628	T109724	Xavier Combelle
CVE-2015-8627	T97897	Vituzzu
CVE-2015-8626	T115522	Frank R. Farmer
CVE-2015-8625	T118032	User:Catrope
CVE-2015-8623	gerrit:156336	User:Anomie
CVE-2015-8624	T119309	User:Tgr (WMF)
CVE-2015-8622	T117899	Bartosz Dziewoński ("Matma Rex")

2016

Contributor	Found	Fixed
Sergey Belov	T118769
Ori Livneh		T118769

2015

Contributor	Found	Fixed
BWolff (WMF)	CVE-2015-2933, CVE-2015-2932	CVE-2015-8628, CVE-2015-2933
BJorsch (WMF)	CVE-2015-8004	CVE-2015-8623, CVE-2015-8626, CVE-2015-8001, CVE-2015-8002, CVE-2015-6728, CVE-2015-2938, CVE-2015-8004
Brion Vibber (WMF)		CVE-2015-6735
Bsadowski1	CVE-2015-6727
CSteipp (WMF)	CVE-2015-8003, CVE-2015-6732, CVE-2015-6732, CVE-2015-6728, CVE-2015-6730, CVE-2015-2937, CVE-2015-2934, CVE-2015-2936	CVE-2015-8009, CVE-2015-8008, CVE-2015-8003, CVE-2015-6732, CVE-2015-6731, CVE-2015-6730, CVE-2015-2931, CVE-2015-2937, CVE-2015-2934, CVE-2015-2942, CVE-2015-2932
DPatrick (WMF)		CVE-2015-8627, CVE-2015-8005, T98533
Frankrfarmer	CVE-2015-8626
Grunny	CVE-2015-6731, CVE-2015-8006	CVE-2015-8006
Hoo man		CVE-2015-6736
Jackmcbarn	CVE-2015-2939	CVE-2015-2939
John Menerick	CVE-2015-6729
Legoktm	CVE-2015-8007	CVE-2015-6727, CVE-2015-2941, CVE-2015-2940, CVE-2015-8007
Majr	CVE-2015-6737
MaxSem	CVE-2015-6733	CVE-2015-6734, CVE-2015-6733
McZusatz	CVE-2015-6735
DAU Huy Ngoc	CVE-2015-6734
Parent5446		CVE-2015-2936, CVE-2015-2935
Roan Kattouw (WMF)	CVE-2015-8625	CVE-2015-8625
RobinHood70	CVE-2015-8001
Richard Stanway	CVE-2015-8005, CVE-2015-8002
Sitic	CVE-2015-8009, CVE-2015-8008
Tgr (WMF)	CVE-2015-8624	CVE-2015-8624
Vituzzu	CVE-2015-8627
Xavier Combelle	CVE-2015-8628
^demon	CVE-2015-6736

This article is issued from Mediawiki. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.