Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities

From: Nuno Teixeira <eduardo_at_freebsd.org>
Date: Thu, 29 Dec 2022 14:12:46 UTC
Thanks Wen,

It is fixed now.

Cheers

wen heping <wenheping2000@hotmail.com> escreveu no dia quinta, 29/12/2022
à(s) 13:19:

> Thank your message!
> I removed this uncorrect format line of <cvename> now.
>
> wen
>
> ________________________________________
> 发件人: Nuno Teixeira <eduardo@freebsd.org>
> 发送时间: 2022年12月29日 20:59
> 收件人: Wen Heping
> 抄送: ports-committers@freebsd.org; dev-commits-ports-all@freebsd.org;
> dev-commits-ports-main@freebsd.org
> 主题: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki
> multiple vulnerabilities
>
> Hello Wen,
>
> Have you noticed that vuxml are stoped at 2022-12-27?
>
> I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in
> correct format. It should be CVE-NNNN-NNNN
>
> I don't know how to access vuxml build logs but it is that for sure.
>
> Cheers
>
> Wen Heping <wen@freebsd.org<mailto:wen@freebsd.org>> escreveu no dia
> quinta, 29/12/2022 à(s) 03:45:
> The branch main has been updated by wen:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
>
> commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
> Author:     Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2022-12-29 03:42:17 +0000
> Commit:     Wen Heping <wen@FreeBSD.org>
> CommitDate: 2022-12-29 03:42:17 +0000
>
>     security/vuxml: Document mediawiki multiple vulnerabilities
> ---
>  security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
>
> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
> index 7f45e9e5fb06..8ab153950f0d 100644
> --- a/security/vuxml/vuln/2022.xml
> +++ b/security/vuxml/vuln/2022.xml
> @@ -1,3 +1,37 @@
> +  <vuln vid="d379aa14-8729-11ed-b988-080027d3a315">
> +    <topic>mediawiki -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +       <name>mediawiki135</name>
> +       <range><lt>1.35.9</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki138</name>
> +       <range><lt>1.38.5</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki139</name>
> +       <range><lt>1.39.1</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">
> +       <p>Mediawikwi reports:</p>
> +       <blockquote cite="
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> ">
> +         <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files
> not world readable.</p>
> +       </blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2022-PENDING</cvename>
> +      <url>
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> </url>
> +    </references>
> +    <dates>
> +      <discovery>2022-12-01</discovery>
> +      <entry>2022-12-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="4b60c3d9-8640-11ed-a762-482ae324f959">
>      <topic>netdata -- multiple vulnerabilities with streaming</topic>
>      <affects>
>
>
> --
> Nuno Teixeira
> FreeBSD Committer (ports)
>


-- 
Nuno Teixeira
FreeBSD Committer (ports)