From owner-freebsd-ports-bugs@FreeBSD.ORG  Fri Sep 21 19:20:01 2007
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A0BBE16A41A
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 21 Sep 2007 19:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7F9C613C4B9
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 21 Sep 2007 19:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8LJK16W028058
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Fri, 21 Sep 2007 19:20:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8LJK106028057;
	Fri, 21 Sep 2007 19:20:01 GMT (envelope-from gnats)
Resent-Date: Fri, 21 Sep 2007 19:20:01 GMT
Resent-Message-Id: <200709211920.l8LJK106028057@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Nick Barkas <snb@threerings.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 464B416A41B
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 21 Sep 2007 19:15:34 +0000 (UTC)
	(envelope-from snb@smtp.earth.threerings.net)
Received: from smtp.earth.threerings.net (smtp1.earth.threerings.net
	[64.127.109.108])
	by mx1.freebsd.org (Postfix) with ESMTP id 34F1F13C455
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 21 Sep 2007 19:15:34 +0000 (UTC)
	(envelope-from snb@smtp.earth.threerings.net)
Received: by smtp.earth.threerings.net (Postfix, from userid 10038)
	id B110361DBF; Fri, 21 Sep 2007 12:15:33 -0700 (PDT)
Message-Id: <20070921191533.B110361DBF@smtp.earth.threerings.net>
Date: Fri, 21 Sep 2007 12:15:33 -0700 (PDT)
From: Nick Barkas <snb@threerings.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/116519: [patch] security/vuxml update for mediawiki XSS
	vulnerability
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Nick Barkas <snb@threerings.net>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Sep 2007 19:20:01 -0000


>Number:         116519
>Category:       ports
>Synopsis:       [patch] security/vuxml update for mediawiki XSS vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 21 19:20:00 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nick Barkas
>Release:        FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
All MediaWiki ports install themselves with the package name mediawiki, so the
current version of VuXML entry c9c14242-6843-11dc-82b6-02e0185f8d72 indicates
every version of MediaWiki below 1.10.2 is vulnerable to this bug. This patch
changes it so portaudit only finds 1.10 releases before 1.10.2, 1.9 releases
before 1.9.4, and 1.8 releases before 1.8.5 vulnerable. 

Note that 1.8.x is not vulnerable by default, only if the user has enabled
$wgEnableAPI. I'm not sure if the potential vulnerability in 1.8.x before 1.8.5
should be noted in this advisory or not.
>How-To-Repeat:
>Fix:
--- vuxml.patch begins here ---
--- vuln.xml.orig	Fri Sep 21 06:14:29 2007
+++ vuln.xml	Fri Sep 21 12:01:59 2007
@@ -39,11 +39,9 @@
     <affects>
       <package>
 	<name>mediawiki</name>
-	<range><lt>1.10.2</lt></range>
-      </package>
-      <package>
-	<name>mediawiki19</name>
-	<range><lt>1.9.4</lt></range>
+	<range><ge>1.10.0</ge><lt>1.10.2</lt></range>
+	<range><ge>1.9.0</ge><lt>1.9.4</lt></range>
+	<range><ge>1.8.0</ge><lt>1.8.5</lt></range>
       </package>
     </affects>
     <description>
@@ -67,6 +65,7 @@
     <dates>
       <discovery>2007-09-10</discovery>
       <entry>2007-09-21</entry>
+      <modified>2007-09-21</modified>
     </dates>
   </vuln>
 
--- vuxml.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: