Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities
Date: Thu, 29 Dec 2022 12:59:58 UTC
Hello Wen, Have you noticed that vuxml are stoped at 2022-12-27? I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in correct format. It should be CVE-NNNN-NNNN I don't know how to access vuxml build logs but it is that for sure. Cheers Wen Heping <wen@freebsd.org> escreveu no dia quinta, 29/12/2022 Ã (s) 03:45: > The branch main has been updated by wen: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab > > commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab > Author: Wen Heping <wen@FreeBSD.org> > AuthorDate: 2022-12-29 03:42:17 +0000 > Commit: Wen Heping <wen@FreeBSD.org> > CommitDate: 2022-12-29 03:42:17 +0000 > > security/vuxml: Document mediawiki multiple vulnerabilities > --- > security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml > index 7f45e9e5fb06..8ab153950f0d 100644 > --- a/security/vuxml/vuln/2022.xml > +++ b/security/vuxml/vuln/2022.xml > @@ -1,3 +1,37 @@ > + <vuln vid="d379aa14-8729-11ed-b988-080027d3a315"> > + <topic>mediawiki -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>mediawiki135</name> > + <range><lt>1.35.9</lt></range> > + </package> > + <package> > + <name>mediawiki138</name> > + <range><lt>1.38.5</lt></range> > + </package> > + <package> > + <name>mediawiki139</name> > + <range><lt>1.39.1</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml"> > + <p>Mediawikwi reports:</p> > + <blockquote cite=" > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > "> > + <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files > not world readable.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2022-PENDING</cvename> > + <url> > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > </url> > + </references> > + <dates> > + <discovery>2022-12-01</discovery> > + <entry>2022-12-29</entry> > + </dates> > + </vuln> > + > <vuln vid="4b60c3d9-8640-11ed-a762-482ae324f959"> > <topic>netdata -- multiple vulnerabilities with streaming</topic> > <affects> > -- Nuno Teixeira FreeBSD Committer (ports)