From nobody Thu Dec 29 12:59:58 2022
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NjT570GFyz1Ldh8;
	Thu, 29 Dec 2022 13:00:11 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NjT566ZkWz40fL;
	Thu, 29 Dec 2022 13:00:10 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1672318810;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=2FqlSqlLFITcyTXRT/hueGGFiiUvEYQUj2LcFrGOG5c=;
	b=L0nqOcumKJ/3HGbc98IPVO7a6gTa2Xu4BD8gSv8rL9ns/0ufF8vHeIdkcFqo8oYYBqrwEr
	oprmXix3ESoHlBrItOPKBOhXGLNvEyMuJHz7p8cq9D3HxCsCnUVJWriEZyUMLAsjyjFpQH
	hDxzHmK1zprZnOO4dp73F6f8FJ2hm4pkwS1qgXsM3PN7sKKvHXW7YVt4xwajBDgY05W10O
	90+ndyYJlK2v1cUmd9fxKtNWq4yu2i4oLiqfCJNAcWTeXlqAgZM40nXPA3r+XhW5mtac7d
	7gTlf1kWe6amQ70Um7X8OaiXdYr2tIs+tGY40Ydy+y9GafViZQz9wmDtoDjMNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1672318810;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=2FqlSqlLFITcyTXRT/hueGGFiiUvEYQUj2LcFrGOG5c=;
	b=wkHbyFZuzXQiLdBFUFG5rZbhWx00DdVKNKUbnRbtmalJBq0xiNSwOpYmDUyZFcaGzXoVjp
	Gc/UrzNA/YMXYTLfu9sf+8fMSyO/ZXbsiUdeyqJuwDdtmg8J8pU+6uFAJEiezq/iZytm38
	G2DYMRWL7lJiYbvrzsEmaEL2C5LcWzcdOJaYn2HxDAbG/W7a2wlG2YhVFFuUTTFihOvZsj
	PcCooO1Dar3Q/hhBbFClbo3vhAIsruy5c+tm3F0t5dyI0fi/2ijYpnnM42zsbjgGEa4Onz
	tC0GlqTPIPt4pBSaxcZI0mAnb7PdGnIALARxfDdV39cLYqcsbELT5Ci/khK0FA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1672318810; a=rsa-sha256; cv=none;
	b=L9qzhaf24WRJn0JwZXhrozHHB+Gm6xcz8w9i9IzLsfjucEr+pFV1EZuOVrAH8cSPmwypGn
	2Difkzb7nEX0KkNy8S2pamoKHBJ8WlJug9BnbV9JKE7IcP46FeX+o+3k+9ivyX548eKu8W
	OXLtLPU3xyTp/rxDuXJludH+g+zvOSd+8z19yMj5BKVFRn4vu8gVisQ1skOZxjE6QiHHK1
	7B3s3hLqnO4xP9epBSxE1UEcnCJ7GRsdGgWc284asn6ojX5WUhy5/nHNtVwkIfOYkZhvAO
	7Id0CJkuari2HlI7r0RAGgx4klrLZ6B/v3ijf6RZje9Q/8mcNqRivTEv5hyDFA==
Received: from mail-ua1-f43.google.com (mail-ua1-f43.google.com [209.85.222.43])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: eduardo)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NjT565HWXzsqX;
	Thu, 29 Dec 2022 13:00:10 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: by mail-ua1-f43.google.com with SMTP id n9so4160973uao.13;
        Thu, 29 Dec 2022 05:00:10 -0800 (PST)
X-Gm-Message-State: AFqh2ko38ZTZMFnaAt6mAhrx1bm0FU6PInIMJ2cEb2Wn0eJZhRbnUj9G
	3JF2RlPtL5dnXxv6imk5WPCOS0qIQUFuFoITnYg=
X-Google-Smtp-Source: AMrXdXunA1ItjRiEsu+65ptzuelSFq290HnaHk48bRTngr0ilbGYaVvc60cifvrki6uDyXicUOXfiHg8qP2U7dnak1w=
X-Received: by 2002:ab0:279a:0:b0:415:65dc:4733 with SMTP id
 t26-20020ab0279a000000b0041565dc4733mr2869744uap.87.1672318810068; Thu, 29
 Dec 2022 05:00:10 -0800 (PST)
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
References: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org>
In-Reply-To: <202212290345.2BT3jXRg070492@gitrepo.freebsd.org>
From: Nuno Teixeira <eduardo@freebsd.org>
Date: Thu, 29 Dec 2022 12:59:58 +0000
X-Gmail-Original-Message-ID: <CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w@mail.gmail.com>
Message-ID: <CAFDf7UKBKtUygPiH4NhuKiDdDkhdqcHyR=PiRYM0KHOurrV19w@mail.gmail.com>
Subject: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki
 multiple vulnerabilities
To: Wen Heping <wen@freebsd.org>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, 
	dev-commits-ports-main@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000a01cac05f0f7101b"
X-ThisMailContainsUnwantedMimeParts: N

--000000000000a01cac05f0f7101b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello Wen,

Have you noticed that vuxml are stoped at 2022-12-27?

I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in
correct format. It should be CVE-NNNN-NNNN

I don't know how to access vuxml build logs but it is that for sure.

Cheers

Wen Heping <wen@freebsd.org> escreveu no dia quinta, 29/12/2022 =C3=A0(s) 0=
3:45:

> The branch main has been updated by wen:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce=
18c5f08d4ab
>
> commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab
> Author:     Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2022-12-29 03:42:17 +0000
> Commit:     Wen Heping <wen@FreeBSD.org>
> CommitDate: 2022-12-29 03:42:17 +0000
>
>     security/vuxml: Document mediawiki multiple vulnerabilities
> ---
>  security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
>
> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
> index 7f45e9e5fb06..8ab153950f0d 100644
> --- a/security/vuxml/vuln/2022.xml
> +++ b/security/vuxml/vuln/2022.xml
> @@ -1,3 +1,37 @@
> +  <vuln vid=3D"d379aa14-8729-11ed-b988-080027d3a315">
> +    <topic>mediawiki -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +       <name>mediawiki135</name>
> +       <range><lt>1.35.9</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki138</name>
> +       <range><lt>1.38.5</lt></range>
> +      </package>
> +      <package>
> +       <name>mediawiki139</name>
> +       <range><lt>1.39.1</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns=3D"http://www.w3.org/1999/xhtml">
> +       <p>Mediawikwi reports:</p>
> +       <blockquote cite=3D"
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki=
media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> ">
> +         <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files
> not world readable.</p>
> +       </blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2022-PENDING</cvename>
> +      <url>
> https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wiki=
media.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
> </url>
> +    </references>
> +    <dates>
> +      <discovery>2022-12-01</discovery>
> +      <entry>2022-12-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid=3D"4b60c3d9-8640-11ed-a762-482ae324f959">
>      <topic>netdata -- multiple vulnerabilities with streaming</topic>
>      <affects>
>


--=20
Nuno Teixeira
FreeBSD Committer (ports)

--000000000000a01cac05f0f7101b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello Wen,</div><div><br></div><div>Have you noticed =
that vuxml are stoped at 2022-12-27?</div><div><br></div><div>I suspect of =
&lt;cvename&gt;CVE-2022-PENDING&lt;/cvename&gt; because it&#39;s not in cor=
rect format. It should be CVE-NNNN-NNNN</div><div><br></div><div>I don&#39;=
t know how to access vuxml build logs but it is that for sure.</div><div><b=
r></div><div>Cheers<br></div><div></div></div><br><div class=3D"gmail_quote=
"><div dir=3D"ltr" class=3D"gmail_attr">Wen Heping &lt;<a href=3D"mailto:we=
n@freebsd.org">wen@freebsd.org</a>&gt; escreveu no dia quinta, 29/12/2022 =
=C3=A0(s) 03:45:<br></div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
>The branch main has been updated by wen:<br>
<br>
URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0=
fe85c6889ab9ce18c5f08d4ab" rel=3D"noreferrer" target=3D"_blank">https://cgi=
t.FreeBSD.org/ports/commit/?id=3D9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab</=
a><br>
<br>
commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab<br>
Author:=C2=A0 =C2=A0 =C2=A0Wen Heping &lt;wen@FreeBSD.org&gt;<br>
AuthorDate: 2022-12-29 03:42:17 +0000<br>
Commit:=C2=A0 =C2=A0 =C2=A0Wen Heping &lt;wen@FreeBSD.org&gt;<br>
CommitDate: 2022-12-29 03:42:17 +0000<br>
<br>
=C2=A0 =C2=A0 security/vuxml: Document mediawiki multiple vulnerabilities<b=
r>
---<br>
=C2=A0security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++<=
br>
=C2=A01 file changed, 34 insertions(+)<br>
<br>
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml<br=
>
index 7f45e9e5fb06..8ab153950f0d 100644<br>
--- a/security/vuxml/vuln/2022.xml<br>
+++ b/security/vuxml/vuln/2022.xml<br>
@@ -1,3 +1,37 @@<br>
+=C2=A0 &lt;vuln vid=3D&quot;d379aa14-8729-11ed-b988-080027d3a315&quot;&gt;=
<br>
+=C2=A0 =C2=A0 &lt;topic&gt;mediawiki -- multiple vulnerabilities&lt;/topic=
&gt;<br>
+=C2=A0 =C2=A0 &lt;affects&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki135&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.35.9&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki138&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.38.5&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;mediawiki139&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;1.39.1&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 &lt;/affects&gt;<br>
+=C2=A0 =C2=A0 &lt;description&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;body xmlns=3D&quot;<a href=3D"http://www.w3.org/1=
999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/1999/xhtm=
l</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;Mediawikwi reports:&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;blockquote cite=3D&quot;<a href=3D"https://=
lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/=
message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_bl=
ank">https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.w=
ikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;(T322637, CVE-2022-PENDING) SEC=
URITY: Make sqlite DB files not world readable.&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/blockquote&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/body&gt;<br>
+=C2=A0 =C2=A0 &lt;/description&gt;<br>
+=C2=A0 =C2=A0 &lt;references&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;cvename&gt;CVE-2022-PENDING&lt;/cvename&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;url&gt;<a href=3D"https://lists.wikimedia.org/hyp=
erkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXC=
JV43CVS6XPYURKWU3/" rel=3D"noreferrer" target=3D"_blank">https://lists.wiki=
media.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UE=
MW64LVEH3BEXCJV43CVS6XPYURKWU3/</a>&lt;/url&gt;<br>
+=C2=A0 =C2=A0 &lt;/references&gt;<br>
+=C2=A0 =C2=A0 &lt;dates&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;discovery&gt;2022-12-01&lt;/discovery&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;entry&gt;2022-12-29&lt;/entry&gt;<br>
+=C2=A0 =C2=A0 &lt;/dates&gt;<br>
+=C2=A0 &lt;/vuln&gt;<br>
+<br>
=C2=A0 =C2=A0&lt;vuln vid=3D&quot;4b60c3d9-8640-11ed-a762-482ae324f959&quot=
;&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;topic&gt;netdata -- multiple vulnerabilities with s=
treaming&lt;/topic&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;affects&gt;<br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature"><div dir=3D"ltr"><span style=3D"color:rgb(102,102,102)">Nun=
o Teixeira<br>FreeBSD Committer (ports)</span></div></div>

--000000000000a01cac05f0f7101b--