From nobody Mon Oct 02 05:11:41 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RzTZj5MCvz4vZHZ;
	Mon,  2 Oct 2023 05:11:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RzTZj3Tq6z3Tfg;
	Mon,  2 Oct 2023 05:11:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1696223501;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/zR5BlYu5z89HZFEeuiJq+grW1WjeQCDuICEWQGw1ag=;
	b=WQd+x7RYq2AIgMERud5DH/QgbubiTTZBF6dDAklvxEX4cJ6soflqqpV9dvB56nEHVLPCjQ
	4SsXZqwWFQPOJDHVfFjrCo6KknfB5a2kXPFB5PJ1ls13k66bBCHLgH80dUGK0EDV/VvHzZ
	AjjB4XACMdthJhuoUTUq/X8pvgZSO7YDUGS0HhM9VZCES47v7UTDTWL5+zVMV/ppqyUJqE
	J6LCtHNfJcS0c5gxTtqZ8/BTSzFMBTBDr5UXD3cWq1ZdOvFQHxpBqQUQa7vtenjJ94I+qC
	yOhxRxe/qDvYwfEBnm4X85OzroGkWxS4o0uN5mBdYuARYpbGIAjJTk8BMPvbog==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696223501; a=rsa-sha256; cv=none;
	b=quqfUHUPvvGxa5A5gaYARhKHSJvAfWhCZ2UQcOcRzzE4CyrzGVP5iE9+p7bXRVVbfBj1UE
	aoBOA/AOhIWE/u3E4q3U7JLcbMvm3+j46tG0fliN/7wGcQB3uwQEQBAp0p/X2C6rmOskup
	1tJ/XXXVYP91ql+Nf3wtK8B6x/sjg1gsCFZhZNLafSd+y7xY/T03eNjV1IhDWrL6wfe2sL
	QIoLYaFr9zhyIKwsiFVYuG4yE8Yzd6ZsLswKYU92dhSnzAfU/FR92O3LgYSJJ4OupYTU4M
	R/UNPWf99zj3pXXiaxI3bWih484R9Vovk2wDYeUr7qc1gFqwGdEvK8WqQMcRuQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1696223501;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=/zR5BlYu5z89HZFEeuiJq+grW1WjeQCDuICEWQGw1ag=;
	b=OE+z+x5Tku/rF+WeIcUCjKQr9AZ/Cgu0IMdPW9c3sTWyAlab1iHKJvzHToztOAYHmEftbP
	00Neb1FHf8lryMW4cys7EmXyLgd/qxZrNUvBl8bFgyAWB3K5h5dJyz+kSLb0O8Xiq9i/ql
	6DY++A628U6zP1w69q6RNh06tDga3pUJGZSqthPzQpDi4TtXuERky+n1BxblOZcAB8xtmX
	ADb8MaQVnijy5Cz4H+s64ivbv1xshoLyjE0PpVNNmKC0jY7neV0YbCl0ua2onj1UIJUyQG
	+eDVdPTzK5fUwU5+BIOh/Di35i0pHhJ5IEggAl3FUFVXKK+An64Wcn9yVRtK/w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RzTZj2GvTzyVy;
	Mon,  2 Oct 2023 05:11:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3925BfAY067875;
	Mon, 2 Oct 2023 05:11:41 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3925BfRp067872;
	Mon, 2 Oct 2023 05:11:41 GMT
	(envelope-from git)
Date: Mon, 2 Oct 2023 05:11:41 GMT
Message-Id: <202310020511.3925BfRp067872@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Wen Heping <wen@FreeBSD.org>
Subject: git: d6503d5a5a2e - main - security/vuxml: Document mediawiki
  multiple vulnerabilities
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: wen
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d6503d5a5a2e9b0207b100d4b859f5f6061c2e78
Auto-Submitted: auto-generated

The branch main has been updated by wen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d6503d5a5a2e9b0207b100d4b859f5f6061c2e78

commit d6503d5a5a2e9b0207b100d4b859f5f6061c2e78
Author:     Wen Heping <wen@FreeBSD.org>
AuthorDate: 2023-10-02 05:09:54 +0000
Commit:     Wen Heping <wen@FreeBSD.org>
CommitDate: 2023-10-02 05:10:57 +0000

    security/vuxml: Document mediawiki multiple vulnerabilities
---
 security/vuxml/vuln/2023.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 2ce08e4bb4aa..5688a356c700 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,51 @@
+  <vuln vid="e59fed96-60da-11ee-9102-000c29de725b">
+    <topic>mediawiki -- multiple vulnerabilities</topic>
+    <affects>
+	<package>
+	<name>mediawiki135</name>
+	<range><lt>1.35.13</lt></range>
+      </package>
+      <package>
+	<name>mediawiki139</name>
+	<range><lt>1.39.5</lt></range>
+      </package>
+      <package>
+	<name>mediawiki140</name>
+	<range><lt>1.40.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mediawikwi reports:</p>
+	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/">
+	  <p>(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission
+	    are incorrectly shown MediaWiki:Missing-revision-permission.</p>
+	  <p>(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
+	    self-redirects with variants conversion.</p>
+	  <p>(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
+	    messages leading to potential XSS.</p>
+	  <p>(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
+	    message is assumed to yield a valid title.</p>
+	  <p>(T340221, CVE-2023-PENDING) SECURITY: XSS via
+	    'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.</p>
+	  <p>(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X
+	    intermediate revisions by the same user not shown") ignores username
+	    suppression.</p>
+	  <p>(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
+	    file to Special:Upload (non-standard configuration).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-3550</cvename>
+      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/</url>
+    </references>
+    <dates>
+      <discovery>2023-09-01</discovery>
+      <entry>2023-10-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="33922b84-5f09-11ee-b63d-0897988a1c07">
     <topic>Remote Code Execution via web-accessible composer</topic>
     <affects>