Date: Tue, 13 Feb 2024 20:02:23 GMT From: Florian Smeets <flo@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b3506d6b828b - main - security/vuxml: add phpmyfaq < 3.2.5 Message-ID: <202402132002.41DK2NXs074568@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by flo: URL: https://cgit.FreeBSD.org/ports/commit/?id=b3506d6b828b0a211bedcadc9b3489ce1d53eb32 commit b3506d6b828b0a211bedcadc9b3489ce1d53eb32 Author: Florian Smeets <flo@FreeBSD.org> AuthorDate: 2024-02-11 09:49:23 +0000 Commit: Florian Smeets <flo@FreeBSD.org> CommitDate: 2024-02-13 20:00:16 +0000 security/vuxml: add phpmyfaq < 3.2.5 --- security/vuxml/vuln/2024.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index b9cafe0dcc71..5ce1aa06740f 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,38 @@ + <vuln vid="cbfc1591-c8c0-11ee-b45a-589cfc0f81b0"> + <topic>phpmyfaq -- multiple vulnerabilities</topic> + <affects> + <package> + <name>phpmyfaq-php81</name> + <name>phpmyfaq-php82</name> + <name>phpmyfaq-php83</name> + <range><lt>3.2.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>phpMyFAQ team reports:</p> + <blockquote cite="https://www.phpmyfaq.de/security/advisory-2024-02-05">; + <p>phpMyFAQ doesn't implement sufficient checks to avoid XSS when + storing on attachments filenames. The 'sharing FAQ' functionality + allows any unauthenticated actor to misuse the phpMyFAQ application + to send arbitrary emails to a large range of targets. phpMyFAQ's + user removal page allows an attacker to spoof another user's + detail, and in turn make a compelling phishing case for removing + another user's account.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx</url>; + <url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg</url>; + <url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35</url>; + </references> + <dates> + <discovery>2024-02-05</discovery> + <entry>2024-02-11</entry> + </dates> + </vuln> + <vuln vid="f161a5ad-c9bd-11ee-b7a7-353f1e043d9a"> <topic>openexr -- Heap Overflow in Scanline Deep Data Parsing</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202402132002.41DK2NXs074568>