Bug 251213

Summary: www/typo3-9: Update to 9.5.23
Product: Ports & Packages
Reporter: Helmut Ritter <freebsd-ports>
Component: Individual Port(s)
Assignee: Kurt Jaeger <pi>
Status: Closed Overcome By Events
Severity: Affects Many People
CC: eduardo, fernape, pi, ports-secteam, rene
Priority: ---
Flags: fernape: merge-quarterly?
Version: Latest
Hardware: Any
OS: Any

Attachments:
- Update to 9.5.23 (flags: none)
- Update to 10.4.26 (flags: none)

Comment 1 commit-hook freebsd_committer freebsd_triage 2020-11-18 18:07:45 UTC
A commit references this bug:

Author: pi
Date: Wed Nov 18 18:04:37 UTC 2020
New revision: 555654
URL: https://svnweb.freebsd.org/changeset/ports/555654

Log:
  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR:		251213
  Submitted by:	Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  MFH:		2020Q4
  Relnotes:	https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security:	TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010,
  		TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012

Changes:
  head/www/typo3-9/Makefile
  head/www/typo3-9/distinfo
Comment 2 Kurt Jaeger freebsd_committer freebsd_triage 2020-11-18 18:07:46 UTC
TODO: needs vuxml entries
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-11-18 18:12:03 UTC
A commit references this bug:

Author: pi
Date: Wed Nov 18 18:04:37 UTC 2020
New revision: 555654
URL: https://svnweb.freebsd.org/changeset/ports/555654

Log:
  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR:		251213
  Submitted by:	Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  MFH:		2020Q4
  Relnotes:	https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security:	TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010,
  		TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012

Changes:
  head/www/typo3-9/Makefile
  head/www/typo3-9/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-11-18 18:15:14 UTC
A commit references this bug:

Author: pi
Date: Wed Nov 18 18:04:37 UTC 2020
New revision: 555654
URL: https://svnweb.freebsd.org/changeset/ports/555654

Log:
  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR:		251213
  Submitted by:	Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  MFH:		2020Q4
  Relnotes:	https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security:	TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010,
  		TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012

Changes:
  head/www/typo3-9/Makefile
  head/www/typo3-9/distinfo
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2020-11-18 19:23:28 UTC
^Triage assigning to committer resolving the issue.

^Triage: security releases, MFH to quarterly
Comment 6 commit-hook freebsd_committer freebsd_triage 2020-11-19 20:07:35 UTC
A commit references this bug:

Author: pi
Date: Thu Nov 19 20:06:34 UTC 2020
New revision: 555712
URL: https://svnweb.freebsd.org/changeset/ports/555712

Log:
  MFH: r555654

  www/typo3-9: upgrade 9.5.21 -> 9.5.23

  - Fixes three XSS vulnerabilities detected in Fluid Engine

  PR:		251213
  Submitted by:	Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
  Relnotes:	https://typo3.org/article/typo3-10410-and-9523-security-releases-published
  Security:	TYPO3-CORE-SA-2020-009, TYPO3-CORE-SA-2020-010,
  		TYPO3-CORE-SA-2020-011, TYPO3-CORE-SA-2020-012
  Approved by:	ports-secteam (fluffy)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/www/typo3-9/Makefile
  branches/2020Q4/www/typo3-9/distinfo
Comment 7 Fernando Apesteguía freebsd_committer freebsd_triage 2021-04-23 16:30:36 UTC
Reopening since there are still vuxml entries pending.
Comment 8 Nuno Teixeira freebsd_committer freebsd_triage 2021-05-14 06:53:57 UTC
(In reply to Fernando Apesteguía from comment #7)
Hello Fernando!

I've updated this port to 9.5.27 and maybe this PR can be closed, what do you think?

Cheers
Comment 9 Kurt Jaeger freebsd_committer freebsd_triage 2021-05-14 07:04:12 UTC
(In reply to Nuno Teixeira from comment #8)
Are the necessary vuxml entries in place?
Comment 10 Nuno Teixeira freebsd_committer freebsd_triage 2021-05-14 08:30:36 UTC
(In reply to Kurt Jaeger from comment #9)
Good question.

It was a simple update to 9.5.27 that I committed; later the maintainer told me about these pending PRs.

What should I do?
Comment 11 Kurt Jaeger freebsd_committer freebsd_triage 2021-05-14 08:31:39 UTC
(In reply to Nuno Teixeira from comment #10)
If you have the time, provide vuxml entries for the CVEs mentioned in this PR.
Comment 12 Nuno Teixeira freebsd_committer freebsd_triage 2021-05-14 08:43:23 UTC
(In reply to Kurt Jaeger from comment #11)

From what https://get.typo3.org/release-notes/9.5.27 says, all security fixes were solved, because it does not mention any security problems with this version.
Comment 13 Kurt Jaeger freebsd_committer freebsd_triage 2021-05-14 08:54:09 UTC
So the use-case for vuxml is to list CVEs for versions that are vulnerable.

If 9.5.27 is not vulnerable but 9.5.22 is, and there's a CVE for that,
and that CVE is not in the vuxml port, we still miss that entry and should
provide one.

That's why this PR is still open.
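
Added example, not part of the thread and not FreeBSD's own tooling: a small Python check showing why an entry is still needed after the port has moved on, by matching installed versions against a constructed, simplified VuXML-style entry. The package name `typo3-9`, the `< 9.5.23` range (taken from the "upgrade 9.5.21 -> 9.5.23" log above), the placeholder vid and the `audit` helper are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified VuXML-style entry (no XML namespace, placeholder vid).
# Package name and the "< 9.5.23" range are assumptions based on the
# "upgrade 9.5.21 -> 9.5.23" commit log in this PR.
SAMPLE_ENTRY = """
<vuln vid="00000000-0000-0000-0000-000000000000">
  <topic>typo3 -- XSS vulnerabilities in Fluid Engine</topic>
  <affects>
    <package>
      <name>typo3-9</name>
      <range><lt>9.5.23</lt></range>
    </package>
  </affects>
</vuln>
"""

def vkey(version):
    # Dotted numeric versions only; real pkg version comparison also
    # handles PORTREVISION and PORTEPOCH suffixes.
    return tuple(int(part) for part in version.split("."))

OPS = {
    "lt": lambda v, b: v < b,
    "le": lambda v, b: v <= b,
    "gt": lambda v, b: v > b,
    "ge": lambda v, b: v >= b,
    "eq": lambda v, b: v == b,
}

def in_range(version, range_elem):
    # All bounds inside a single <range> must hold together.
    return all(OPS[b.tag](vkey(version), vkey(b.text)) for b in range_elem)

def audit(installed, entries_xml):
    """Return {package: [topics]} for installed versions matched by an entry."""
    hits = {}
    for vuln in ET.fromstring("<vuxml>" + entries_xml + "</vuxml>").iter("vuln"):
        for pkg in vuln.iter("package"):
            names = {n.text for n in pkg.findall("name")}
            for name, version in installed.items():
                if name in names and any(
                    in_range(version, r) for r in pkg.findall("range")
                ):
                    hits.setdefault(name, []).append(vuln.findtext("topic"))
    return hits

if __name__ == "__main__":
    for v in ("9.5.22", "9.5.23", "9.5.27"):
        print(v, audit({"typo3-9": v}, SAMPLE_ENTRY))
    print("no entry:", audit({"typo3-9": "9.5.22"}, ""))
```

With the entry present, a host still running 9.5.22 is reported while 9.5.23 and 9.5.27 are not; with no entry, the same 9.5.22 host produces no finding at all.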
Comment 14 Nuno Teixeira freebsd_committer freebsd_triage 2021-05-14 09:28:36 UTC
(In reply to Kurt Jaeger from comment #13)

Thanks for the explanation!
Comment 15 Helmut Ritter 2022-03-18 18:44:39 UTC
Created attachment 232557
Update to 10.4.26
Comment 16 Rene Ladan freebsd_committer freebsd_triage 2022-03-31 20:14:19 UTC
This port expired today, closing the PR (which was mostly done anyway).