Wikimedia Security Team/Thanks

From MediaWiki.org
Jump to navigation Jump to search

Special thanks to the people who have helped improve the security of MediaWiki, and other software supporting the Wikimedia projects!

Note: This only covers MediaWiki core and bundled extensions. While we deeply appreciate people reporting issues against other extensions, they are not covered by this page.

Todo: Where do we thank people for reporting non-MediaWiki things like parsoid vulns, or varnish config vulns?

CVE Ticket Reporter
MediaWiki 1.29.2, 1.28.3 and 1.27.4 (November 2017)
CVE-2017-8809 T128209 Abdullah Hussam
none T165846 Anomie
CVE-2017-8810 T134100 Bartosz Dziewoński ("Matma Rex")
CVE-2017-8808 T178451 Bawolff
CVE-2017-8811 T176247 Bastenbas
CVE-2017-8812 T125163 Bawolff
CVE-2017-8814 T124404 Bawolff
CVE-2017-8815 T119158 Bawolff
CVE-2017-0361 T180488 Anomie
CVE-2017-9841 T180231 Tom Hutchison
MediaWiki 1.28.1, 1.27.2 and 1.23.16 (April 2017)
CVE-2017-0363 T109140 Merlijn van Deen (aka "Valhallasw")
CVE-2017-0364 T122209 Bawolff
CVE-2017-0365 T144845 Bawolff
CVE-2017-0361 T125177 Tgr
CVE-2017-0362 T150044 Legoktm
CVE-2017-0368 T156184 Bawolff
CVE-2017-0366 T151735 Cassiogomes11
CVE-2017-0370 T48143 MZMcBride
CVE-2017-0369 T108138 Luke081515
CVE-2017-0367 T161453 Bawolff
CVE-2017-0372 T158689 Yorick Koster (Securify)
MediaWiki 1.27.1, 1.26.4, 1.23.15 (August 2016)
CVE-2016-6335 T139565, T139570 This, Schnark
CVE-2016-6334 T137264 Bawolff, Legoktm
CVE-2016-6333 T133147 Bawolff
CVE-2016-6336 T132926 Bawolff
CVE-2016-6332 T129738 Multichill
CVE-2016-6331 T115333 Church of emacs
none T57548 PleaseStand
CVE-2016-6337 T139670 Anomie
MediaWiki 1.26.3, 1.25.6 and 1.23.14 (May 2016)
none T122056 Unicornisaurous
none T127114 Bawolff
none T123653 MaxSem
none T123071 Bawolff
none T129506 eranroz
none T125283 Matiia, Matanya
none T103239 Fomafix
none T122807 User:CSteipp (WMF) (Based on [1] by Paragon Initiative Enterprises Security Team)
none T130947 MaxSem
none T133507 Ori Livneh
none T110143 Bawolff
none T132874 Anomie
none T127420 PleaseStand
none T126685 CSteipp
none T116030 CSteipp
MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12 (Dec 2015)
CVE-2015-8628 T109724 Xavier Combelle
CVE-2015-8627 T97897 Vituzzu
CVE-2015-8626 T115522 Frank R. Farmer
CVE-2015-8625 T118032 User:Catrope
CVE-2015-8623 gerrit:156336 User:Anomie
CVE-2015-8624 T119309 User:Tgr (WMF)
CVE-2015-8622 T117899 Bartosz Dziewoński ("Matma Rex")

2016[edit]

Contributor Found Fixed
Sergey Belov T118769
Ori Livneh T118769

2015[edit]

Contributor Found Fixed
BWolff (WMF) CVE-2015-2933, CVE-2015-2932 CVE-2015-8628, CVE-2015-2933
BJorsch (WMF) CVE-2015-8004 CVE-2015-8623, CVE-2015-8626, CVE-2015-8001, CVE-2015-8002, CVE-2015-6728, CVE-2015-2938, CVE-2015-8004
Brion Vibber (WMF) CVE-2015-6735
Bsadowski1 CVE-2015-6727
CSteipp (WMF) CVE-2015-8003, CVE-2015-6732, CVE-2015-6732, CVE-2015-6728, CVE-2015-6730, CVE-2015-2937, CVE-2015-2934, CVE-2015-2936 CVE-2015-8009, CVE-2015-8008, CVE-2015-8003, CVE-2015-6732, CVE-2015-6731, CVE-2015-6730, CVE-2015-2931, CVE-2015-2937, CVE-2015-2934, CVE-2015-2942, CVE-2015-2932
DPatrick (WMF) CVE-2015-8627, CVE-2015-8005, T98533
Frankrfarmer CVE-2015-8626
Grunny CVE-2015-6731, CVE-2015-8006 CVE-2015-8006
Hoo man CVE-2015-6736
Jackmcbarn CVE-2015-2939 CVE-2015-2939
John Menerick CVE-2015-6729
Legoktm CVE-2015-8007 CVE-2015-6727, CVE-2015-2941, CVE-2015-2940, CVE-2015-8007
Majr CVE-2015-6737
MaxSem CVE-2015-6733 CVE-2015-6734, CVE-2015-6733
McZusatz CVE-2015-6735
DAU Huy Ngoc CVE-2015-6734
Parent5446 CVE-2015-2936, CVE-2015-2935
Roan Kattouw (WMF) CVE-2015-8625 CVE-2015-8625
RobinHood70 CVE-2015-8001
Richard Stanway CVE-2015-8005, CVE-2015-8002
Sitic CVE-2015-8009, CVE-2015-8008
Tgr (WMF) CVE-2015-8624 CVE-2015-8624
Vituzzu CVE-2015-8627
Xavier Combelle CVE-2015-8628
^demon CVE-2015-6736