Date: Mon, 18 Mar 2024 06:46:42 GMT From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 7ad6e0e0c912 - main - security/vuxml: remove duplicated entry, see 3bac9fee140f64f562008b81ea2f2391b3fca116 Message-ID: <202403180646.42I6kgDu067979@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=7ad6e0e0c912b2d8b631c8af54f6ac7d83400984 commit 7ad6e0e0c912b2d8b631c8af54f6ac7d83400984 Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2024-03-18 06:45:53 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2024-03-18 06:45:53 +0000 security/vuxml: remove duplicated entry, see 3bac9fee140f64f562008b81ea2f2391b3fca116 Reported by: flo@smeets.xyz --- security/vuxml/vuln/2024.xml | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 93d54975a84d..ac0ecc511977 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -481,39 +481,6 @@ </dates> </vuln> - <vuln vid="46a9eb0f-d7d2-11ee-bb12-001b217b3468"> - <topic>null -- null</topic> - <affects> - <package> - <name>null</name> - <range><lt>null</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>support@hackerone.com reports:</p> - <blockquote cite="https://hackerone.com/reports/2237545"> - <p>On Linux, Node.js ignores certain environment variables if those - may have been set by an unprivileged user while the process is - running with elevated privileges with the only exception of - CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this - exception, Node.js incorrectly applies this exception even when - certain other capabilities have been set. This allows unprivileged - users to inject code that inherits the process's elevated - privileges.</p> - </blockquote> - </body> - </description> - <references> - <cvename>CVE-2024-21892</cvename> - <url>https://nvd.nist.gov/vuln/detail/CVE-2024-21892</url> - </references> - <dates> - <discovery>2024-02-20</discovery> - <entry>2024-03-01</entry> - </dates> - </vuln> - <vuln vid="3567456a-6b17-41f7-ba7f-5cd3efb2b7c9"> <topic>electron{27,28} -- Use after free in Mojo</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202403180646.42I6kgDu067979>