FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
298829e2-ccce-11e7-92e4-000c29649f92	mediawiki -- multiple vulnerabilities mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping. T176247: It's possible to mangle HTML via raw message parameter expansion. T125163: id attribute on headlines allow raw. T124404: language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition. T119158: Language converter: unsafe attribute injection via glossary rules. T180488: api.log contains passwords in plaintext wasn't correctly fixed. T180231: composer.json has require-dev versions of PHPUnit with known security issues. Reported by Tom Hutchison. Discovery 2017-11-14 Entry 2017-11-19 mediawiki127 < 1.27.3 mediawiki128 < 1.28.2 mediawiki129 < 1.29.1 CVE-2017-8808 CVE-2017-8809 CVE-2017-8810 CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815 CVE-2017-0361 CVE-2017-9841 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html

VuXML ID

Description

298829e2-ccce-11e7-92e4-000c29649f92

mediawiki -- multiple vulnerabilities

mediawiki reports:

security fixes:

T128209: Reflected File Download from api.php. Reported by Abdullah Hussam.

T165846: BotPasswords doesn't throttle login attempts.

T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password.

T178451: XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.

T176247: It's possible to mangle HTML via raw message parameter expansion.

T125163: id attribute on headlines allow raw.

T124404: language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition.

T119158: Language converter: unsafe attribute injection via glossary rules.

T180488: api.log contains passwords in plaintext wasn't correctly fixed.

T180231: composer.json has require-dev versions of PHPUnit with known security issues. Reported by Tom Hutchison.

Discovery 2017-11-14
Entry 2017-11-19
mediawiki127

< 1.27.3

mediawiki128

< 1.28.2

mediawiki129

< 1.29.1

CVE-2017-8808
CVE-2017-8809
CVE-2017-8810
CVE-2017-8811
CVE-2017-8812
CVE-2017-8814
CVE-2017-8815
CVE-2017-0361
CVE-2017-9841
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html