Created attachment 219768
Update to 9.5.23

All versions are security releases and contain important security fixes - read the corresponding security advisories here:

https://typo3.org/security/advisory/typo3-core-sa-2020-009
https://typo3.org/security/advisory/typo3-core-sa-2020-010
https://typo3.org/security/advisory/typo3-core-sa-2020-011
https://typo3.org/security/advisory/typo3-core-sa-2020-012
https://typo3.org/security/advisory/typo3-psa-2020-002
https://typo3.org/security/advisory/typo3-psa-2020-003

For details about the releases, please visit the following website:
https://typo3.org/article/typo3-10410-and-9523-security-releases-published

A commit references this bug:

Author: pi
Date: Wed Nov 18 18:04:37 UTC 2020
New revision: 555654
URL: https://svnweb.freebsd.org/changeset/ports/555654

Log:
  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR: 251213
  Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  MFH: 2020Q4
  Relnotes: https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security: TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010, TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012

Changes:
  head/www/typo3-9/Makefile
  head/www/typo3-9/distinfo
TODO: needs vuxml entries
^Triage: assigning to committer resolving the issue.
^Triage: security releases, MFH to quarterly

A commit references this bug:

Author: pi
Date: Thu Nov 19 20:06:34 UTC 2020
New revision: 555712
URL: https://svnweb.freebsd.org/changeset/ports/555712

Log:
  MFH: r555654

  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR: 251213
  Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  Relnotes: https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security: TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010, TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012

  Approved by: ports-secteam (fluffy)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/www/typo3-9/Makefile
  branches/2020Q4/www/typo3-9/distinfo
Reopening since there are still vuxml entries pending.
(In reply to Fernando Apesteguía from comment #7) Hello Fernando! I've updated this port to 9.5.27 and maybe this PR can be closed, what do you think? Cheers
(In reply to Nuno Teixeira from comment #8) Are the necessary vuxml entries in place?
(In reply to Kurt Jaeger from comment #9) Good question. It was a simple update to 9.5.27 that I committed; later the maintainer told me about these pending PRs. What should I do?
(In reply to Nuno Teixeira from comment #10) If you have the time, provide vuxml entries for the CVEs mentioned in this PR.
(In reply to Kurt Jaeger from comment #11) From what https://get.typo3.org/release-notes/9.5.27 says, all security fixes were solved because it does not mention any security problems with this version.
So the use-case for vuxml is to list CVEs for versions that are vulnerable. If 9.5.27 is not vulnerable, but 9.5.22 is, and there's a CVE for that and that CVE is not in the vuxml port, we still miss that entry and should provide one. That's why this PR is still open.
(In reply to Kurt Jaeger from comment #13) Thanks for the explanation!
Created attachment 232557
Update to 10.4.26
This port expired today, closing the PR (which was mostly done anyway).