git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities
Date: Thu, 29 Dec 2022 03:45:33 UTC
The branch main has been updated by wen:
URL: https://cgit.FreeBSD.org/ports/commit/?id=9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
Author: Wen Heping <wen@FreeBSD.org>
AuthorDate: 2022-12-29 03:42:17 +0000
Commit: Wen Heping <wen@FreeBSD.org>
CommitDate: 2022-12-29 03:42:17 +0000
security/vuxml: Document mediawiki multiple vulnerabilities
---
security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
index 7f45e9e5fb06..8ab153950f0d 100644
--- a/security/vuxml/vuln/2022.xml
+++ b/security/vuxml/vuln/2022.xml
@@ -1,3 +1,37 @@
+ <vuln vid="d379aa14-8729-11ed-b988-080027d3a315">
+ <topic>mediawiki -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mediawiki135</name>
+ <range><lt>1.35.9</lt></range>
+ </package>
+ <package>
+ <name>mediawiki138</name>
+ <range><lt>1.38.5</lt></range>
+ </package>
+ <package>
+ <name>mediawiki139</name>
+ <range><lt>1.39.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mediawikwi reports:</p>
+ <blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/">
+ <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files not world readable.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-PENDING</cvename>
+ <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/</url>
+ </references>
+ <dates>
+ <discovery>2022-12-01</discovery>
+ <entry>2022-12-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4b60c3d9-8640-11ed-a762-482ae324f959">
<topic>netdata -- multiple vulnerabilities with streaming</topic>
<affects>