Date: Thu, 29 Dec 2022 12:59:58 +0000
From: Nuno Teixeira <eduardo@freebsd.org>
To: Wen Heping <wen@freebsd.org>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities
Message-ID: <CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w@mail.gmail.com>
In-Reply-To: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org>
References: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org>
Hello Wen,

Have you noticed that vuxml are stopped at 2022-12-27?

I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in correct format. It should be CVE-NNNN-NNNN

I don't know how to access vuxml build logs but it is that for sure.

Cheers

Wen Heping <wen@freebsd.org> wrote on Thursday, 29/12/2022 at 03:45:

> The branch main has been updated by wen:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
>
> commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
> Author: Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2022-12-29 03:42:17 +0000
> Commit: Wen Heping <wen@FreeBSD.org>
> CommitDate: 2022-12-29 03:42:17 +0000
>
> security/vuxml: Document mediawiki multiple vulnerabilities
> ---
> security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml > index 7f45e9e5fb06..8ab153950f0d 100644 > --- a/security/vuxml/vuln/2022.xml > +++ b/security/vuxml/vuln/2022.xml
> @@ -1,3 +1,37 @@ > + <vuln vid=3D"d379aa14-8729-11ed-b988-080027d3a315"> > + <topic>mediawiki -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>mediawiki135</name> > + <range><lt>1.35.9</lt></range> > + </package> > + <package> > + <name>mediawiki138</name> > + <range><lt>1.38.5</lt></range> > + </package> > + <package> > + <name>mediawiki139</name> > + <range><lt>1.39.1</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns=3D"http://www.w3.org/1999/xhtml"> > + <p>Mediawikwi reports:</p> > + <blockquote cite=3D" > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki= media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > "> > + <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files > not world readable.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2022-PENDING</cvename> > + <url> > https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki= media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ > </url> > + </references> > + <dates> > + <discovery>2022-12-01</discovery> > + <entry>2022-12-29</entry> > + </dates> > + </vuln> > + > <vuln vid=3D"4b60c3d9-8640-11ed-a762-482ae324f959"> > <topic>netdata -- multiple vulnerabilities with streaming</topic> > <affects> >

--
Nuno Teixeira
FreeBSD Committer (ports)
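Review bot: `<cvename>CVE-2022-PENDING</cvename>` under `<references>` is not a CVE identifier (the reply above gives the expected form as CVE-NNNN-NNNN), so the element should be dropped until an ID is assigned, leaving the `<url>` as the only reference; the "CVE-2022-PENDING" inside the quoted announcement text can stay, since it is a verbatim quote. Also in this hunk: `<p>Mediawikwi reports:</p>` misspells the project name, and `<topic>` says "multiple vulnerabilities" while the blockquote lists a single item (T322637).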
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w>