Date: Fri, 30 Dec 2022 14:58:57 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 268656] www/minio: multiple vulnerabilities Message-ID: <bug-268656-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268656 Bug ID: 268656 Summary: www/minio: multiple vulnerabilities Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: swills@FreeBSD.org Reporter: adam@omega.org.uk Flags: maintainer-feedback?(swills@FreeBSD.org) Assignee: swills@FreeBSD.org The version of minio in ports appears to be vulnerable to three issues: I attempted to report this privately via the ports security team email addr= ess for inclusion in VuXML, however it was not responded to - apologies if that email address, or if reporting the issues here is not the correct process to follow. The highest severity has a CVSS2 score of 8.8. Advisory:=20=20 https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvg CVE: CVE-2022-35919 Introduced: RELEASE.2020-07-24T22-43-05Z Fixed: RELEASE.2022-07-29T19-40-48Z Advisory:=20=20 https://github.com/minio/minio/security/advisories/GHSA-qrpr-r3pw-f636 CVE: CVE-2022-31028 Introduced: RELEASE.2019-09-25T18-25-51Z Fixed: RELEASE.2022-06-02T02-11-04Z Advisory:=20=20 https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q CVE: CVE-2022-24842 Introduced: RELEASE.2021-12-09T06-19-41Z Fixed: RELEASE.2022-04-12T06-55-35Z --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268656-7788>