From nobody Sat Jul 01 13:04:30 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QtXTB6Cvdz4kKlc; Sat, 1 Jul 2023 13:04:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QtXTB5nrdz4N83; Sat, 1 Jul 2023 13:04:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1688216670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b+yADzziro/lGTjI4bo7zTX45MS5ipcmVbUlbbmNuLo=; b=eGwXguiOveGGexklzvlQgYqkAR/B8+Yn1iltmEUvw4f+KWo6YFhGb/9vjo7Hc9ovggN3pZ SOzW+huj3ftU5BrwhlV6Fqp/ILsbRa3+zeiSHICsJQHuYOP8FMPgPEllw9QBanObgwAbh3 jioo66UuiS30ZS7xMoUT6Z92svOouZwS2OEMHL4BsM8X72ufB6xvgvUI4tRvLjv2CUIfJA yz0Oc8/5hcjt5Q9gzHmDJERpJIr6T1fdIn5c5PpKkNWoZUyHxFhra/jQ6xj1ZXtqjpSPTO 3IHcqrLtVFXGNkAihUjWbe+nUMckYzwUjSYR8+qzHjZjkF1Q0X0tAfKQ2u27gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1688216670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=b+yADzziro/lGTjI4bo7zTX45MS5ipcmVbUlbbmNuLo=; b=H9vbEBJ4x38H4JPWIQUQt88J/+VrupNdoRv2X3LOhRDBEATqS4m6v1vjLFyr6aZiLxbQC5 AP3Jn/OfJjOqjycNYNoE6rmGhIWdAg41wzs2yLOkCVGBNZtmtGnNDYNllFy3FALIAnW3S8 moSbV9/WjvixKF1OJvwuWZ0RlT2JgV0cP4XSlxhx4mVH1KDXzNYXXyPadQrQF2VaevyVsX xZJ895rBpwASTSdwsN0C/MDV4ex75hdGUDjeY9HIHWf6zC5yaePoeroBb1W/R4Puhtjq0b nxjd9Owi1pYmw+9/y0yN/FKhVTG5OPxwvQbOVH/PucDyGbRKSLPoNsaz/vosXQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1688216670; a=rsa-sha256; cv=none; b=efwKabpvaoj6N3DZ/Ebv9j4AyWHG648XkcON/cWaGCrVcKkumyVqb69t+0QUx7BLmKsKzu a0wQDSsCZ9B+ADT8YpZ65IsJsbcftuorjMVHP3JbJ/OLSMofDHG+GBfDF1muJIWgOKaos2 oGKu1aYyjAboF+xW26vxnGu+JqZU11mfadxgv6Y1dADsWBbuljg3KQkBl2f1I2GezJ9McP sbGr27GKmvRuYZEDRm2XKckqg63drC2tINOCXaqcW9L1o3NVStrXIGTNr6H01fMQV3UHiv NpYLaPTf1YXKPFE/APwOQhzcDqFT+TUZoCTXPGIAgkWv9NBGSEAAg3T1IFRgfA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QtXTB4RRlzRlV; Sat, 1 Jul 2023 13:04:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 361D4UIZ038493; Sat, 1 Jul 2023 13:04:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 361D4UCj038492; Sat, 1 Jul 2023 13:04:30 GMT (envelope-from git) Date: Sat, 1 Jul 2023 13:04:30 GMT Message-Id: <202307011304.361D4UCj038492@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Wen Heping Subject: git: 8bebd5de23ce - main - security/vuxml: Document mediawiki multiple vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wen X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8bebd5de23cea5bd1203cd0e8f2f1d7e2f7154fc Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by wen: URL: https://cgit.FreeBSD.org/ports/commit/?id=8bebd5de23cea5bd1203cd0e8f2f1d7e2f7154fc commit 8bebd5de23cea5bd1203cd0e8f2f1d7e2f7154fc Author: Wen Heping AuthorDate: 2023-07-01 13:03:38 +0000 Commit: Wen Heping CommitDate: 2023-07-01 13:03:38 +0000 security/vuxml: Document mediawiki multiple vulnerabilities --- security/vuxml/vuln/2023.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index f29e6880a418..d40c9395947c 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,42 @@ + + mediawiki -- multiple vulnerabilities + + + mediawiki135 + 1.35.11 + + + mediawiki138 + 1.38.7 + + + mediawiki139 + 1.39.4 + + + + +

Mediawiki reports:

+
+

(T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.

+

(T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.

+

(T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message + use.

+
+ + + + CVE-2023-29197 + CVE-2023-36674 + CVE-2023-36675 + https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/ + + + 2023-04-21 + 2023-07-01 + + + Gitlab -- Vulnerabilities