From nobody Sat Apr 01 07:37:12 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PpTWY1SZHz432Bd; Sat, 1 Apr 2023 07:37:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PpTWY0lS2z3nqQ; Sat, 1 Apr 2023 07:37:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1680334633; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+MQZHhEY0U4yohpemiVpjeBdk7z5GroQUw30BhTlpNo=; b=jTfc82g8WjCk99DAaX9SKwuME/sMlu76gI0zjUD2Dqu+Iert1LjfNiHtA+en1ocZHbsoYa 4HQNAnsolUg9QckU6aFisBEIZ7GU4smI7XIz7VEymuSgnjAHl83NtIgCAe6Oe1svbTivQ1 y2rp4nXR4cn2otXnkMRdZLMOo3yokMFKHNUXUxp+WPxm8WQS5cOGhe9pOjt7E8WJkiOgoz L17GELWkkx5dLktdCqBKgiXR35USnxKYXThpAaNs4eoyfOpK9gaeSwPrQuAtTz35A3zP8m 3hl81Aci1BsTsv4fmFSjboaYqa+Bme9qYF1GKU9K5E+DtVRzLC5PC7hY9xxbKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1680334633; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+MQZHhEY0U4yohpemiVpjeBdk7z5GroQUw30BhTlpNo=; b=SDJ4rJwxo2o2XTLBj8WsqDlQBfMH4U0sXU48ui/olWH/HZRepWK6vJW6UFAyaHz+1Gp5yV REWdADhzOA1hUvk+bDMhbPzc26o96V6s07HLcOf3LxC/Wi7wM6/dwqycam6MA8CNFSFmVw IAIOmgtLk0TB1BC10oM7oIh86VZDbbQQFktmPoBjBnd2dgEHJ0ZS040QXSRgYdM6NHGYI6 A6ffbAt5tcRz1qGpd//i/zKLgNDRHCZ/zVy0i3WquToiLgc17/74N7QrsKi0Bo6MCMs4P+ C1CdKTjZF8rSnPzi3gm75OWr5FyiE4Ynos1x+j9wQWIrWd02rmdwgBiKr0ncEw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1680334633; a=rsa-sha256; cv=none; b=JKvfrLUAiwNgV5bPfJDZVfy9d994o3MjPMd1p47+URj/sp4+OMZQw/iZFK9i1fUrqfatsf pqwZ3Dwgxz7U+gGzfvoyDdlhVF0tuByfsq525/uHdbv5zfTP9a7rrFdL1ymn/8vAAWBHP3 EXk3AyZ+PkRB/cdZ4mxIqlWGujBEU01qQ2aCLNR7xIvt/strpMp7qjc9l7pb3Lsqdh9HuM ig/EIkvTSzJ8o26yQJbv0mwBQ1ufHT2cozqPDGPnBGo3MrWOIixkUMw9fO5zaSjJqrnNVc G2QQp1/zlkwRFaeGxlv1lWzdnRfDsgzAf1CgjIyX4dwl5Y6QpSNP/C6vv+jqzQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PpTWX6rPXzSLQ; Sat, 1 Apr 2023 07:37:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3317bCD3031302; Sat, 1 Apr 2023 07:37:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3317bCAl031301; Sat, 1 Apr 2023 07:37:12 GMT (envelope-from git) Date: Sat, 1 Apr 2023 07:37:12 GMT Message-Id: <202304010737.3317bCAl031301@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Wen Heping Subject: git: d58bc805721a - main - security/vuxml: Document mediawiki multiple vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wen X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d58bc805721a89a4cedbb243e842577f70a90f91 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by wen: URL: https://cgit.FreeBSD.org/ports/commit/?id=d58bc805721a89a4cedbb243e842577f70a90f91 commit d58bc805721a89a4cedbb243e842577f70a90f91 Author: Wen Heping AuthorDate: 2023-04-01 02:32:49 +0000 Commit: Wen Heping CommitDate: 2023-04-01 07:33:55 +0000 security/vuxml: Document mediawiki multiple vulnerabilities --- security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 1a48698b1d00..9e8206b86555 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,44 @@ + + mediawiki -- multiple vulnerabilities + + + mediawiki135 + 1.35.10 + + + mediawiki138 + 1.38.6 + + + mediawiki139 + 1.39.3 + + + + +

Mediawikwi reports:

+
+

(T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows + brute-forcing autoblocked IP addresses.

+

(T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in + VisualEditor has known ReDos.

+

(T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when + MediaWiki is configured without ObjectCache; Insecure Default Configuration.

+
+ + + + CVE-2023-PENDING + CVE-2020-36649 + CVE-2023-PENDING + https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/ + + + 2020-04-02 + 2023-04-01 + + + Gitlab -- Multiple Vulnerabilities