Bug 202328

Summary: www/mediawiki123: {124,125} unresolved security vulnerabilities
Product: Ports & Packages Reporter: Jason Unovitch <junovitch>
Component: Individual Port(s)Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED    
Severity: Affects Only Me CC: delphij, ports-secteam, wen
Priority: --- Keywords: security
Version: LatestFlags: delphij: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
security/vuxml entires for MediaWiki none

Description Jason Unovitch freebsd_committer freebsd_triage 2015-08-14 16:51:39 UTC 
Created attachment 159864 [details]
security/vuxml entires for MediaWiki

Document MediaWiki multiple security vulnerabilities

% make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit mediawiki124-1.24.3
0 problem(s) in the installed packages found.

% env PKG_DBDIR=/usr/ports/security/vuxml pkg audit mediawiki124-1.24.2
mediawiki124-1.24.2 is vulnerable:
mediawiki -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/6241b5df-42a1-11e5-93ad-002590263bf5.html

1 problem(s) in the installed packages found.
Comment 1 Xin LI freebsd_committer freebsd_triage 2015-08-14 17:03:47 UTC 
Approved.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-08-14 17:09:45 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Aug 14 17:09:30 UTC 2015
New revision: 394240
URL: https://svnweb.freebsd.org/changeset/ports/394240

Log:
  Document MediaWiki multiple security vulnerabilities

  PR:		202328
  Security:	6241b5df-42a1-11e5-93ad-002590263bf5
  Approved by:	feld (mentor)

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Jason Unovitch freebsd_committer freebsd_triage 2015-08-14 17:15:09 UTC 
Retitle, pending www/mediawiki123 update in HEAD and for tracking of the MFH for all three MediaWiki ports.
Comment 4 Wen Heping freebsd_committer freebsd_triage 2015-08-15 02:26:29 UTC 
I updated mediawiki123 to 1.23.10 just now.

Please go ahead, thank you!

wen
Comment 5 Jason Unovitch freebsd_committer freebsd_triage 2015-08-15 02:32:33 UTC 
(In reply to Wen Heping from comment #4)

Thanks Wen!
Can you get approval to MFH r394265, r394009, and r394006?  Then we are 100% complete and can close this.
Comment 6 Wen Heping freebsd_committer freebsd_triage 2015-08-15 02:42:41 UTC 
(In reply to Jason Unovitch from comment #5)
Sure, thank you!

wen
Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2015-08-23 22:52:27 UTC 
Set merge-quarterly flag.  Can either me or Wen MFH the 3 security updates?
mediawiki123 - https://svnweb.FreeBSD.org/changeset/ports/394265
medaiwiki124 - https://svnweb.FreeBSD.org/changeset/ports/394009
medaiwiki125 - https://svnweb.FreeBSD.org/changeset/ports/394006
Comment 8 Xin LI freebsd_committer freebsd_triage 2015-08-23 22:59:58 UTC 
Please go ahead.
Comment 9 commit-hook freebsd_committer freebsd_triage 2015-08-23 23:03:43 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Aug 23 23:02:41 UTC 2015
New revision: 395142
URL: https://svnweb.freebsd.org/changeset/ports/395142

Log:
  MFH: r394006

  - Update to 1.25.2
  - Update options

  PR:		202328
  Security:	6241b5df-42a1-11e5-93ad-002590263bf5
  Approved by:	ports-secteam (delphij), delphij (mentor)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/mediawiki125/Makefile
  branches/2015Q3/www/mediawiki125/distinfo
Comment 10 commit-hook freebsd_committer freebsd_triage 2015-08-23 23:04:45 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Aug 23 23:03:51 UTC 2015
New revision: 395143
URL: https://svnweb.freebsd.org/changeset/ports/395143

Log:
  MFH: r394009

  - Update to 1.24.3
  - Update options
  - Fix file permissions

  PR:		202328
  Security:	6241b5df-42a1-11e5-93ad-002590263bf5
  Approved by:	ports-secteam (delphij), delphij (mentor)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/mediawiki124/Makefile
  branches/2015Q3/www/mediawiki124/distinfo
Comment 11 commit-hook freebsd_committer freebsd_triage 2015-08-23 23:05:47 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Aug 23 23:05:02 UTC 2015
New revision: 395144
URL: https://svnweb.freebsd.org/changeset/ports/395144

Log:
  MFH: r394265

  - Update to 1.23.10
  - Fix file permission
  - Update options

  PR:		202328
  Security:	6241b5df-42a1-11e5-93ad-002590263bf5
  Approved by:	ports-secteam (delphij), delphij (mentor)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/mediawiki123/Makefile
  branches/2015Q3/www/mediawiki123/distinfo
Comment 12 Jason Unovitch freebsd_committer freebsd_triage 2015-08-23 23:07:28 UTC 
Closing PR.  All needed port updates are done and MFH'd and appropriate VuXML documentation is done.
Comment 13 commit-hook freebsd_committer freebsd_triage 2015-12-24 14:08:52 UTC 
A commit references this bug:

Author: junovitch
Date: Thu Dec 24 14:08:43 UTC 2015
New revision: 404365
URL: https://svnweb.freebsd.org/changeset/ports/404365

Log:
  Update earlier MediaWiki entry (r394240) with CVE assignment information

  PR:		202328
  Security:	CVE-2013-7444
  Security:	CVE-2015-6727
  Security:	CVE-2015-6728
  Security:	CVE-2015-6729
  Security:	CVE-2015-6730
  Security:	CVE-2015-6731
  Security:	CVE-2015-6733
  Security:	CVE-2015-6734
  Security:	CVE-2015-6735
  Security:	CVE-2015-6736
  Security:	CVE-2015-6737
  Security:       https://vuxml.FreeBSD.org/freebsd/6241b5df-42a1-11e5-93ad-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml