List-Id: Support of ElasticSearch-related ports
List-Archive: https://lists.freebsd.org/archives/freebsd-elastic
From: Thomas Zander
Date: Mon, 20 Dec 2021 12:11:05 +0100
Subject: Please double-check for vulnerable bundled log4j
To: Muhammad Moinur Rahman, "Danilo G. Baio", elastic@freebsd.org, freebsd@dussan.org, freebsd@rheinwolf.de, guido@kollerie.com, Jason Helfman, mfechner@freebsd.org, michael.osipov@siemens.com, netchild@freebsd.org, opensearch@freebsd.org, otis@freebsd.org, root@cooltrainer.org, timp87@gmail.com, Yuri
Cc: FreeBSD Ports Management Team, FreeBSD Ports Security Team, Stefan Esser, Ed Maste

Dear maintainer,

You are maintaining at least one of the ports listed in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421#c9.
They seem to bundle a potentially vulnerable log4j version.
In case you have not looked into this already, please:

* Double check if your port(s) are at risk.
* Check if there are fixes available upstream and if so, prepare the
  fixes for your port as soon as possible.
* If fixes are not yet available, please open a bug in bugzilla and
  mark it as blocking for
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421 so we don't
  lose track of it. Also please keep checking for upstream fixes
  regularly and update the port as soon as you can.

Thank you and best regards
For ports-secteam
Riggs
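
Added example, not part of the original message or of any FreeBSD tooling: one way to carry out the "double check" step is to walk a port's archives, nested ones included, and report each bundled log4j-core copy with the version from its Maven metadata and whether the JndiLookup class is present. The sample archives and the version string "0.0.0-sample" are constructed; compare reported versions against the upstream advisory.

```python
import io
import zipfile

# Real paths inside a log4j-core jar; the sample archives below are constructed.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label):
    """Return one finding per log4j-core copy in the archive bytes, nested archives included."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive despite its name
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            version = None  # stays None for shaded copies without Maven metadata
            if POM in names:
                for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append({"where": label, "version": version,
                             "jndi_lookup": JNDI in names})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), label + "!/" + name)
    return findings


def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def sample_findings():
    # Constructed sample: an application jar bundling two log4j-core copies under lib/.
    inner = make_zip({POM: b"#Generated by Maven\nversion=0.0.0-sample\n",
                      JNDI: b"\xca\xfe\xba\xbe"})
    stripped = make_zip({POM: b"version=0.0.0-sample\n"})  # copy without JndiLookup
    app = make_zip({"lib/log4j-core.jar": inner, "lib/stripped.jar": stripped,
                    "lib/other.jar": make_zip({"a/B.class": b""}), "notes.zip": b"junk"})
    return scan_archive(app, "app.jar")
```

To scan a real file, pass its bytes and path, for example scan_archive(open(path, "rb").read(), path).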