From nobody Thu Dec 29 14:12:46 2022
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NjVj62ws2z1LpVv;
	Thu, 29 Dec 2022 14:12:58 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NjVj62Nfsz46Gv;
	Thu, 29 Dec 2022 14:12:58 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1672323178;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=xlJRYJ4C3BPH5fsLUaayckNpjrWXfm2s/kkB3xuqeok=;
	b=kbkzXGgAAbPvxybfSmvRO1F3hwqswCgRUpuH9w19Qw6nUXxKyns/wwCewRQthvTt0TgvJ8
	vkH8dFCRjO5Zn3jqIERO0cADr5iK6XN3UpIYpyBXJROkV7KIkUXpKpKcwWzrC3my7US2mQ
	xpPK/J1bFRIiaW+svjpiZvS4dnORJawlk6FzYoHMztDTUAqDzYV9t/+DppstXnGEAbMqLj
	RT4YfGDDkSEdGMvNVg7EcaAaapSoL5UJfuivGUGVm9qVrZ/Vusj5CBGkrO3rLjQii532Mg
	bSiM/QnHHKvjPyGk4zVMn5RghtC0jw5FyXFMYjBL85tRCPy5j6s95LlY7YCpng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1672323178;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=xlJRYJ4C3BPH5fsLUaayckNpjrWXfm2s/kkB3xuqeok=;
	b=HKn+Uv6eurC1pzQmLjkbjBmdG4/Me3fHlTrDOKyghr/rdTOBLXus3s1nJkgjhzFZc8iZE6
	Uzyj7qcglM7wUgeDKAUD8WdUceKxJIKO/oLbToyFoJ1mo2HGDxljnY/edXum7MygjuC3pl
	NBSi3+o25bTfB3e+QJ2rma3exeLRpQxWPVIGM7wqBxmBHpnM2Yg5wwqOf9T3IdKJDqsO18
	+HjXj3KoVL5/AA8UJYR7+hgGltnrCJ0e1iRb5av5U6nrWw1/l9xS0e51Xz0nUin0ZMzbtv
	Fk4siyyGRaZTkw/NcyFah1ygiswtAOgddjb29W/48ebNv8NKEGjwgR9UG59b5Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1672323178; a=rsa-sha256; cv=none;
	b=kjB7H9RKYiBaQdJq11Got2bsQKzVua+ufkEqPIyX7WRCUM1gkiYeXYGuwOvjR59D+qjDUA
	8MJQIv21gAMzhh7IQ467XmHhllT88oyMdh8oA63W8jj8/VpxwC3rsoXKU16DV73nBpKAs4
	JCzIb73vaYoKUdd/GqCR1YnAKetX8xZXvmBMYhUgFnJkEk1ux+x+eYQOqARfHwxN44K5Bl
	0Mw8otIAfsj/wpwVy7H0y6SlrroJqVBHJLZB2xFXwroaA2czpg7oLau7w41JmRgojCCr3/
	FI4ltiHjL5xrr23nXYxju05IhDoTMHbVNdkDfr40VNo5+8L4q5BPvi0zVNkXWQ==
Received: from mail-ua1-f45.google.com (mail-ua1-f45.google.com [209.85.222.45])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: eduardo)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NjVj61QnVzt1s;
	Thu, 29 Dec 2022 14:12:58 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: by mail-ua1-f45.google.com with SMTP id c26so4198342uak.5;
        Thu, 29 Dec 2022 06:12:58 -0800 (PST)
X-Gm-Message-State: AFqh2kqRZ0JGqFist+x4qtgPKEGUmZrkQnTJi4X9USt1uD84U32+BS2b
	Gsmprdk+rfs/mce+AsNaK4PKhH9Vrzv4ncMv0SY=
X-Google-Smtp-Source: AMrXdXuQTxIc1rQ4ObeMIYppY8ldlxxW8gz8uBxxfqUWH8HagPXZCAc+gN7+2gtXa/b9ZwHvEiChZ/QjqJvOfIDblMw=
X-Received: by 2002:ab0:7055:0:b0:444:d775:b89a with SMTP id
 v21-20020ab07055000000b00444d775b89amr2713920ual.13.1672323177747; Thu, 29
 Dec 2022 06:12:57 -0800 (PST)
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
References: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org>
 <CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w@mail.gmail.com> <TYXPR01MB1552C6E34478F01E4264B189ACF39@TYXPR01MB1552.jpnprd01.prod.outlook.com>
In-Reply-To: <TYXPR01MB1552C6E34478F01E4264B189ACF39@TYXPR01MB1552.jpnprd01.prod.outlook.com>
From: Nuno Teixeira <eduardo@freebsd.org>
Date: Thu, 29 Dec 2022 14:12:46 +0000
X-Gmail-Original-Message-ID: <CAFDf7UKcEsOmi2hRdZnxZcUYdQgZgDodq1gFv3VWsKB0qD9Aug@mail.gmail.com>
Message-ID: <CAFDf7UKcEsOmi2hRdZnxZcUYdQgZgDodq1gFv3VWsKB0qD9Aug@mail.gmail.com>
Subject: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki
 multiple vulnerabilities
To: wen heping <wenheping2000@hotmail.com>
Cc: "ports-committers@freebsd.org" <ports-committers@freebsd.org>, 
	"dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>, 
	"dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000f59bd805f0f81482"
X-ThisMailContainsUnwantedMimeParts: N

--000000000000f59bd805f0f81482
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks Wen,

It is fixed now.

Cheers

wen heping <wenheping2000@hotmail.com> escreveu no dia quinta, 29/12/2022
=C3=A0(s) 13:19:

> Thank your message!
> I removed this uncorrect format line of <cvename> now.
>
> wen
>
> ________________________________________
> =E5=8F=91=E4=BB=B6=E4=BA=BA: Nuno Teixeira <eduardo@freebsd.org>
> =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B412=E6=9C=8829=E6=97=A5=
 20:59
> =E6=94=B6=E4=BB=B6=E4=BA=BA: Wen Heping
> =E6=8A=84=E9=80=81: ports-committers@freebsd.org; dev-commits-ports-all@f=
reebsd.org;
> dev-commits-ports-main@freebsd.org
> =E4=B8=BB=E9=A2=98: Re: git: 9169d8e03708 - main - security/vuxml: Docume=
nt mediawiki
> multiple vulnerabilities
>
> Hello Wen,
>
> Have you noticed that vuxml are stoped at 2022-12-27?
>
> I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in
> correct format. It should be CVE-NNNN-NNNN
>
> I don't know how to access vuxml build logs but it is that for sure.
>
> Cheers
>
> Wen Heping <wen@freebsd.org<mailto:wen@freebsd.org>> escreveu no dia
> quinta, 29/12/2022 =C3=A0(s) 03:45:
> The branch main has been updated by wen:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce=
18c5f08d4ab
>
> commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
> Author:     Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2022-12-29 03:42:17 +0000
> Commit:     Wen Heping <wen@FreeBSD.org>
> CommitDate: 2022-12-29 03:42:17 +0000
>
>     security/vuxml: Document mediawiki multiple vulnerabilities
> ---
>  security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
>
> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
> index 7f45e9e5fb06..8ab153950f0d 100644
> --- a/security/vuxml/vuln/2022.xml
> +++ b/security/vuxml/vuln/2022.xml
> @@ -1,3 +1,37 @@
> +  <vuln vid=3D"d379aa14-8729-11ed-b988-080027d3a315">
> +    <topic>mediawiki -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +       <name>mediawiki135</name>
> +       <range><lt>1.35.9</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki138</name>
> +       <range><lt>1.38.5</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki139</name>
> +       <range><lt>1.39.1</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns=3D"http://www.w3.org/1999/xhtml">
> +       <p>Mediawikwi reports:</p>
> +       <blockquote cite=3D"
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki=
media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> ">
> +         <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files
> not world readable.</p>
> +       </blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2022-PENDING</cvename>
> +      <url>
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki=
media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> </url>
> +    </references>
> +    <dates>
> +      <discovery>2022-12-01</discovery>
> +      <entry>2022-12-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid=3D"4b60c3d9-8640-11ed-a762-482ae324f959">
>      <topic>netdata -- multiple vulnerabilities with streaming</topic>
>      <affects>
>
>
> --
> Nuno Teixeira
> FreeBSD Committer (ports)
>


--=20
Nuno Teixeira
FreeBSD Committer (ports)

--000000000000f59bd805f0f81482
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Thanks Wen,</div><div><br></div><div>It is fixed now.=
</div><div><br></div><div>Cheers<br></div></div><br><div class=3D"gmail_quo=
te"><div dir=3D"ltr" class=3D"gmail_attr">wen heping &lt;<a href=3D"mailto:=
wenheping2000@hotmail.com">wenheping2000@hotmail.com</a>&gt; escreveu no di=
a quinta, 29/12/2022 =C3=A0(s) 13:19:<br></div><blockquote class=3D"gmail_q=
uote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,2=
04);padding-left:1ex">Thank your message!<br>
I removed this uncorrect format line of &lt;cvename&gt; now.<br>
<br>
wen<br>
<br>
________________________________________<br>
=E5=8F=91=E4=BB=B6=E4=BA=BA: Nuno Teixeira &lt;<a href=3D"mailto:eduardo@fr=
eebsd.org" target=3D"_blank">eduardo@freebsd.org</a>&gt;<br>
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B412=E6=9C=8829=E6=97=A5 2=
0:59<br>
=E6=94=B6=E4=BB=B6=E4=BA=BA: Wen Heping<br>
=E6=8A=84=E9=80=81: <a href=3D"mailto:ports-committers@freebsd.org" target=
=3D"_blank">ports-committers@freebsd.org</a>; <a href=3D"mailto:dev-commits=
-ports-all@freebsd.org" target=3D"_blank">dev-commits-ports-all@freebsd.org=
</a>; <a href=3D"mailto:dev-commits-ports-main@freebsd.org" target=3D"_blan=
k">dev-commits-ports-main@freebsd.org</a><br>
=E4=B8=BB=E9=A2=98: Re: git: 9169d8e03708 - main - security/vuxml: Document=
 mediawiki multiple vulnerabilities<br>
<br>
Hello Wen,<br>
<br>
Have you noticed that vuxml are stoped at 2022-12-27?<br>
<br>
I suspect of &lt;cvename&gt;CVE-2022-PENDING&lt;/cvename&gt; because it&#39=
;s not in correct format. It should be CVE-NNNN-NNNN<br>
<br>
I don&#39;t know how to access vuxml build logs but it is that for sure.<br=
>
<br>
Cheers<br>
<br>
Wen Heping &lt;<a href=3D"mailto:wen@freebsd.org" target=3D"_blank">wen@fre=
ebsd.org</a>&lt;mailto:<a href=3D"mailto:wen@freebsd.org" target=3D"_blank"=
>wen@freebsd.org</a>&gt;&gt; escreveu no dia quinta, 29/12/2022 =C3=A0(s) 0=
3:45:<br>
The branch main has been updated by wen:<br>
<br>
URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0=
fe85c6889ab9ce18c5f08d4ab" rel=3D"noreferrer" target=3D"_blank">https://cgi=
t.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab</=
a><br>
<br>
commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab<br>
Author:=C2=A0 =C2=A0 =C2=A0Wen Heping &lt;wen@FreeBSD.org&gt;<br>
AuthorDate: 2022-12-29 03:42:17 +0000<br>
Commit:=C2=A0 =C2=A0 =C2=A0Wen Heping &lt;wen@FreeBSD.org&gt;<br>
CommitDate: 2022-12-29 03:42:17 +0000<br>
<br>
=C2=A0 =C2=A0 security/vuxml: Document mediawiki multiple vulnerabilities<b=
r>
---<br>
=C2=A0security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++<=
br>
=C2=A01 file changed, 34 insertions(+)<br>
<br>
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml<br=
>
index 7f45e9e5fb06..8ab153950f0d 100644<br>
--- a/security/vuxml/vuln/2022.xml<br>
+++ b/security/vuxml/vuln/2022.xml<br>
@@ -1,3 +1,37 @@<br>
+=C2=A0 &lt;vuln vid=3D&quot;d379aa14-8729-11ed-b988-080027d3a315&quot;&gt;=
<br>
+=C2=A0 =C2=A0 &lt;topic&gt;mediawiki -- multiple vulnerabilities&lt;/topic=
&gt;<br>
+=C2=A0 =C2=A0 &lt;affects&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki135&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.35.9&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki138&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.38.5&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki139&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.39.1&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 &lt;/affects&gt;<br>
+=C2=A0 =C2=A0 &lt;description&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;body xmlns=3D&quot;<a href=3D"http://www.w3.org/1=
999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/1999/xhtm=
l</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;Mediawikwi reports:&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;blockquote cite=3D&quot;<a href=3D"https://=
lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/=
message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_bl=
ank">https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.w=
ikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;(T322637, CVE-2022-PENDING) SEC=
URITY: Make sqlite DB files not world readable.&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/blockquote&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/body&gt;<br>
+=C2=A0 =C2=A0 &lt;/description&gt;<br>
+=C2=A0 =C2=A0 &lt;references&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;cvename&gt;CVE-2022-PENDING&lt;/cvename&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;url&gt;<a href=3D"https://lists.wikimedia.org/hyp=
erkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXC=
JV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_blank">https://lists.wiki=
media.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UE=
MW64LVEH3BEXCJV43CVS6XPYURKWU3/</a>&lt;/url&gt;<br>
+=C2=A0 =C2=A0 &lt;/references&gt;<br>
+=C2=A0 =C2=A0 &lt;dates&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;discovery&gt;2022-12-01&lt;/discovery&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;entry&gt;2022-12-29&lt;/entry&gt;<br>
+=C2=A0 =C2=A0 &lt;/dates&gt;<br>
+=C2=A0 &lt;/vuln&gt;<br>
+<br>
=C2=A0 =C2=A0&lt;vuln vid=3D&quot;4b60c3d9-8640-11ed-a762-482ae324f959&quot=
;&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;topic&gt;netdata -- multiple vulnerabilities with s=
treaming&lt;/topic&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;affects&gt;<br>
<br>
<br>
--<br>
Nuno Teixeira<br>
FreeBSD Committer (ports)<br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature"><div dir=3D"ltr"><span style=3D"color:rgb(102,102,102)">Nun=
o Teixeira<br>FreeBSD Committer (ports)</span></div></div>

--000000000000f59bd805f0f81482--