回复: git: 9169d8e03708 - main - security/vux ml:_Document_mediawiki_multiple_vulnerabilities
Date: Thu, 29 Dec 2022 13:19:38 UTC
Thank your message! I removed this uncorrect format line of <cvename> now. wen ________________________________________ 发件人: Nuno Teixeira <eduardo@freebsd.org> 发送时间: 2022年12月29日 20:59 收件人: Wen Heping 抄送: ports-committers@freebsd.org; dev-commits-ports-all@freebsd.org; dev-commits-ports-main@freebsd.org 主题: Re: git: 9169d8e03708 - main - security/vuxml: Document mediawiki multiple vulnerabilities Hello Wen, Have you noticed that vuxml are stoped at 2022-12-27? I suspect of <cvename>CVE-2022-PENDING</cvename> because it's not in correct format. It should be CVE-NNNN-NNNN I don't know how to access vuxml build logs but it is that for sure. Cheers Wen Heping <wen@freebsd.org<mailto:wen@freebsd.org>> escreveu no dia quinta, 29/12/2022 à(s) 03:45: The branch main has been updated by wen: URL: https://cgit.FreeBSD.org/ports/commit/?id=9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab commit 9169d8e03708ca0fe85c6889ab9ce18c5f08d4ab Author: Wen Heping <wen@FreeBSD.org> AuthorDate: 2022-12-29 03:42:17 +0000 Commit: Wen Heping <wen@FreeBSD.org> CommitDate: 2022-12-29 03:42:17 +0000 security/vuxml: Document mediawiki multiple vulnerabilities --- security/vuxml/vuln/2022.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml index 7f45e9e5fb06..8ab153950f0d 100644 --- a/security/vuxml/vuln/2022.xml +++ b/security/vuxml/vuln/2022.xml @@ -1,3 +1,37 @@ + <vuln vid="d379aa14-8729-11ed-b988-080027d3a315"> + <topic>mediawiki -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mediawiki135</name> + <range><lt>1.35.9</lt></range> + </package> + <package> + <name>mediawiki138</name> + <range><lt>1.38.5</lt></range> + </package> + <package> + <name>mediawiki139</name> + <range><lt>1.39.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mediawikwi reports:</p> + <blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/"> + <p>(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files not world readable.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-PENDING</cvename> + <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/</url> + </references> + <dates> + <discovery>2022-12-01</discovery> + <entry>2022-12-29</entry> + </dates> + </vuln> + <vuln vid="4b60c3d9-8640-11ed-a762-482ae324f959"> <topic>netdata -- multiple vulnerabilities with streaming</topic> <affects> -- Nuno Teixeira FreeBSD Committer (ports)