Date: Sat, 11 Jun 2022 08:07:40 GMT From: Guido Falsi <madpilot@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 2d7a11dac84a - main - security/vuxml: Document XFCE libexo vulnerability. Message-ID: <202206110807.25B87eF7010617@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by madpilot: URL: https://cgit.FreeBSD.org/ports/commit/?id=2d7a11dac84a683d85a1bc7df561f91506fac922 commit 2d7a11dac84a683d85a1bc7df561f91506fac922 Author: Guido Falsi <madpilot@FreeBSD.org> AuthorDate: 2022-06-11 08:06:56 +0000 Commit: Guido Falsi <madpilot@FreeBSD.org> CommitDate: 2022-06-11 08:06:56 +0000 security/vuxml: Document XFCE libexo vulnerability. --- security/vuxml/vuln-2022.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 4ec14d8531fe..37fbce5754b7 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,30 @@ + <vuln vid="55cff5d2-e95c-11ec-ae20-001999f8d30b"> + <topic>XFCE -- Allows executing malicious .desktop files pointing to remote code</topic> + <affects> + <package> + <name>libexo</name> + <range><lt>4.16.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>XFCE Project reports:</p> + <blockquote cite="https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6">; + <p>Prevent executing possibly malicious .desktop files + from online sources (ftp://, http:// etc.).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-32278</cvename> + <url>https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6</url>; + </references> + <dates> + <discovery>2022-06-11</discovery> + <entry>2022-06-11</entry> + </dates> + </vuln> + <vuln vid="b51cfaea-e919-11ec-9fba-080027240888"> <topic>py-numpy -- Missing return-value validation of the function PyArray_DescrNew</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206110807.25B87eF7010617>