Date: Thu, 29 Dec 2022 14:12:46 +0000 From: Nuno Teixeira <eduardo@freebsd.org> To: wen heping <wenheping2000@hotmail.com> Cc: "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>, "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org> Subject: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities Message-ID: <CAFDf7UKcEsOmi2hRdZnxZcUYdQgZgDodq1gFv3VWsKB0qD9Aug@mail.gmail.com> In-Reply-To: <TYXPR01MB1552C6E34478F01E4264B189ACF39@TYXPR01MB1552.jpnprd01.prod.outlook.com> References: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org> <CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w@mail.gmail.com> <TYXPR01MB1552C6E34478F01E4264B189ACF39@TYXPR01MB1552.jpnprd01.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000f59bd805f0f81482 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thanks Wen, It is fixed now. Cheers wen heping <wenheping2000@hotmail.com> escreveu no dia quinta, 29/12/2022 =C3=A0(s) 13:19: > Thank your message! > I removed this uncorrect format line of <cvename> now. > > wen > > ________________________________________ > =E5=8F=91=E4=BB=B6=E4=BA=BA: Nuno Teixeira <eduardo@freebsd.org> > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B412=E6=9C=8829=E6=97=A5= 20:59 > =E6=94=B6=E4=BB=B6=E4=BA=BA: Wen Heping > =E6=8A=84=E9=80=81: ports-committers@freebsd.org; dev-commits-ports-all@f= reebsd.org; > dev-commits-ports-main@freebsd.org > =E4=B8=BB=E9=A2=98: Re: git: 9169d8e03708 - main - security/vuxml: Docume= nt mediawiki > multiple vulnerabilities > > Hello Wen, > > Have you noticed that vuxml are stoped at 2022-12-27? > > I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in > correct format. It should be CVE-NNNN-NNNN > > I don't know how to access vuxml build logs but it is that for sure. > > Cheers > > Wen Heping <wen@freebsd.org<mailto:wen@freebsd.org>> escreveu no dia > quinta, 29/12/2022 =C3=A0(s) 03:45: > The branch main has been updated by wen: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce= 18c5f08d4ab > > commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab > Author: Wen Heping <wen@FreeBSD.org> > AuthorDate: 2022-12-29 03:42:17 +0000 > Commit: Wen Heping <wen@FreeBSD.org> > CommitDate: 2022-12-29 03:42:17 +0000 > > security/vuxml: Document mediawiki multiple vulnerabilities > --- > security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml > index 7f45e9e5fb06..8ab153950f0d 100644 > --- a/security/vuxml/vuln/2022.xml > +++ b/security/vuxml/vuln/2022.xml > @@ -1,3 +1,37 @@ > + <vuln vid=3D"d379aa14-8729-11ed-b988-080027d3a315"> > + <topic>mediawiki -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>mediawiki135</name> > + <range><lt>1.35.9</lt></range> > + </package> > + <package> > + <name>mediawiki138</name> > + <range><lt>1.38.5</lt></range> > + </package> > + <package> > + <name>mediawiki139</name> > + <range><lt>1.39.1</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns=3D"http://www.w3.org/1999/xhtml"> > + <p>Mediawikwi reports:</p> > + <blockquote cite=3D" > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki= media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > "> > + <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files > not world readable.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2022-PENDING</cvename> > + <url> > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki= media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > </url> > + </references> > + <dates> > + <discovery>2022-12-01</discovery> > + <entry>2022-12-29</entry> > + </dates> > + </vuln> > + > <vuln vid=3D"4b60c3d9-8640-11ed-a762-482ae324f959"> > <topic>netdata -- multiple vulnerabilities with streaming</topic> > <affects> > > > -- > Nuno Teixeira > FreeBSD Committer (ports) > --=20 Nuno Teixeira FreeBSD Committer (ports) --000000000000f59bd805f0f81482 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div>Thanks Wen,</div><div><br></div><div>It is fixed now.= </div><div><br></div><div>Cheers<br></div></div><br><div class=3D"gmail_quo= te"><div dir=3D"ltr" class=3D"gmail_attr">wen heping <<a href=3D"mailto:= wenheping2000@hotmail.com">wenheping2000@hotmail.com</a>> escreveu no di= a quinta, 29/12/2022 =C3=A0(s) 13:19:<br></div><blockquote class=3D"gmail_q= uote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,2= 04);padding-left:1ex">Thank your message!<br> I removed this uncorrect format line of <cvename> now.<br> <br> wen<br> <br> ________________________________________<br> =E5=8F=91=E4=BB=B6=E4=BA=BA: Nuno Teixeira <<a href=3D"mailto:eduardo@fr= eebsd.org" target=3D"_blank">eduardo@freebsd.org</a>><br> =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B412=E6=9C=8829=E6=97=A5 2= 0:59<br> =E6=94=B6=E4=BB=B6=E4=BA=BA: Wen Heping<br> =E6=8A=84=E9=80=81: <a href=3D"mailto:ports-committers@freebsd.org" target= =3D"_blank">ports-committers@freebsd.org</a>; <a href=3D"mailto:dev-commits= -ports-all@freebsd.org" target=3D"_blank">dev-commits-ports-all@freebsd.org= </a>; <a href=3D"mailto:dev-commits-ports-main@freebsd.org" target=3D"_blan= k">dev-commits-ports-main@freebsd.org</a><br> =E4=B8=BB=E9=A2=98: Re: git: 9169d8e03708 - main - security/vuxml: Document= mediawiki multiple vulnerabilities<br> <br> Hello Wen,<br> <br> Have you noticed that vuxml are stoped at 2022-12-27?<br> <br> I suspect of <cvename>CVE-2022-PENDING</cvename> because it'= ;s not in correct format. It should be CVE-NNNN-NNNN<br> <br> I don't know how to access vuxml build logs but it is that for sure.<br= > <br> Cheers<br> <br> Wen Heping <<a href=3D"mailto:wen@freebsd.org" target=3D"_blank">wen@fre= ebsd.org</a><mailto:<a href=3D"mailto:wen@freebsd.org" target=3D"_blank"= >wen@freebsd.org</a>>> escreveu no dia quinta, 29/12/2022 =C3=A0(s) 0= 3:45:<br> The branch main has been updated by wen:<br> <br> URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0= fe85c6889ab9ce18c5f08d4ab" rel=3D"noreferrer" target=3D"_blank">https://cgi= t.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab</= a><br> <br> commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab<br> Author:=C2=A0 =C2=A0 =C2=A0Wen Heping <wen@FreeBSD.org><br> AuthorDate: 2022-12-29 03:42:17 +0000<br> Commit:=C2=A0 =C2=A0 =C2=A0Wen Heping <wen@FreeBSD.org><br> CommitDate: 2022-12-29 03:42:17 +0000<br> <br> =C2=A0 =C2=A0 security/vuxml: Document mediawiki multiple vulnerabilities<b= r> ---<br> =C2=A0security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++<= br> =C2=A01 file changed, 34 insertions(+)<br> <br> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml<br= > index 7f45e9e5fb06..8ab153950f0d 100644<br> --- a/security/vuxml/vuln/2022.xml<br> +++ b/security/vuxml/vuln/2022.xml<br> @@ -1,3 +1,37 @@<br> +=C2=A0 <vuln vid=3D"d379aa14-8729-11ed-b988-080027d3a315">= <br> +=C2=A0 =C2=A0 <topic>mediawiki -- multiple vulnerabilities</topic= ><br> +=C2=A0 =C2=A0 <affects><br> +=C2=A0 =C2=A0 =C2=A0 <package><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<name>mediawiki135</name><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<range><lt>1.35.9</lt></ra= nge><br> +=C2=A0 =C2=A0 =C2=A0 </package><br> +=C2=A0 =C2=A0 =C2=A0 <package><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<name>mediawiki138</name><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<range><lt>1.38.5</lt></ra= nge><br> +=C2=A0 =C2=A0 =C2=A0 </package><br> +=C2=A0 =C2=A0 =C2=A0 <package><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<name>mediawiki139</name><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<range><lt>1.39.1</lt></ra= nge><br> +=C2=A0 =C2=A0 =C2=A0 </package><br> +=C2=A0 =C2=A0 </affects><br> +=C2=A0 =C2=A0 <description><br> +=C2=A0 =C2=A0 =C2=A0 <body xmlns=3D"<a href=3D"http://www.w3.org/1= 999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/1999/xhtm= l</a>"><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<p>Mediawikwi reports:</p><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0<blockquote cite=3D"<a href=3D"https://= lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/= message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_bl= ank">https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.w= ikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/</a>"><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<p>(T322637, CVE-2022-PENDING) SEC= URITY: Make sqlite DB files not world readable.</p><br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0</blockquote><br> +=C2=A0 =C2=A0 =C2=A0 </body><br> +=C2=A0 =C2=A0 </description><br> +=C2=A0 =C2=A0 <references><br> +=C2=A0 =C2=A0 =C2=A0 <cvename>CVE-2022-PENDING</cvename><br> +=C2=A0 =C2=A0 =C2=A0 <url><a href=3D"https://lists.wikimedia.org/hyp= erkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXC= JV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_blank">https://lists.wiki= media.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UE= MW64LVEH3BEXCJV43CVS6XPYURKWU3/</a></url><br> +=C2=A0 =C2=A0 </references><br> +=C2=A0 =C2=A0 <dates><br> +=C2=A0 =C2=A0 =C2=A0 <discovery>2022-12-01</discovery><br> +=C2=A0 =C2=A0 =C2=A0 <entry>2022-12-29</entry><br> +=C2=A0 =C2=A0 </dates><br> +=C2=A0 </vuln><br> +<br> =C2=A0 =C2=A0<vuln vid=3D"4b60c3d9-8640-11ed-a762-482ae324f959"= ;><br> =C2=A0 =C2=A0 =C2=A0<topic>netdata -- multiple vulnerabilities with s= treaming</topic><br> =C2=A0 =C2=A0 =C2=A0<affects><br> <br> <br> --<br> Nuno Teixeira<br> FreeBSD Committer (ports)<br> </blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g= mail_signature"><div dir=3D"ltr"><span style=3D"color:rgb(102,102,102)">Nun= o Teixeira<br>FreeBSD Committer (ports)</span></div></div> --000000000000f59bd805f0f81482--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFDf7UKcEsOmi2hRdZnxZcUYdQgZgDodq1gFv3VWsKB0qD9Aug>