
FreeBSD: VID-298829e2-ccce-11e7-92e4-000c29649f92 (CVE-2017-8812): mediawiki -- multiple vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: Nov 19, 2017
Added: Nov 19, 2017
Modified: Dec 10, 2025

Description

mediawiki reports: security fixes:

- T128209: Reflected File Download from api.php. Reported by Abdullah Hussam.
- T165846: BotPasswords doesn't throttle login attempts.
- T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password.
- T178451: XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
- T176247: It's possible to mangle HTML via raw message parameter expansion.
- T125163: id attribute on headlines allow raw.
- T124404: language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition.
- T119158: Language converter: unsafe attribute injection via glossary rules.
- T180488: api.log contains passwords in plaintext wasn't correctly fixed.
- T180231: composer.json has require-dev versions of PHPUnit with known security issues. Reported by Tom Hutchison.

Solutions

freebsd-upgrade-package-mediawiki127
freebsd-upgrade-package-mediawiki128
freebsd-upgrade-package-mediawiki129