From nobody Wed Feb 11 04:58:51 2026
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f9mRb4BRtz6Rrcx
	for <dev-commits-ports-all@mlmmj.nyi.freebsd.org>; Wed, 11 Feb 2026 04:58:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4f9mRb26kTz3PpZ
	for <dev-commits-ports-all@FreeBSD.org>; Wed, 11 Feb 2026 04:58:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1770785931;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=prmjqVOKBQo7gUVmxFK9WJsPLss0lTom+/XA9w8RE9I=;
	b=fq5SdJnjW3pyOcv3Xar4wxQH5nkx0qtrZ1QKfPsYg6+Vd4nTEUOPclxBS2QJjybJxI8lab
	fOhkkLagecKy92T/2lzlFV1Bk91dGpgBT9zgCGK+Dw0q8TrNrL7dLk+2/4D0Y2vizMPysC
	TYx3Cp+eJ/KJzndmsveKcHTvYj5vw9MUFw8yDpSmEuXsuwZJ3h5RVVC7TwgHqhhn8iYhhs
	VFolQTDnOASN14FpJIu5JgVHzCcykQT3rAmgEGDKeTjCTgKUihXYLHRHHTe6VwH2Z1kcsa
	LITyf5jiVTQv7t8v+Y6sXayicBmqGbgnw03cmGVihpbfSxdljsav8+tPYsmA3A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1770785931; a=rsa-sha256; cv=none;
	b=FsA1pqNvNEuOazZ23+7uocrtDqlBF9QYJyGnGO7jur3qOr36Wfjp909ZOPVtfb/KU9RfyN
	8HMyRp/R903FOPwjhiqq1DBUUdzOaqmh3NaMfQeP8PQaC+sHOVxgn9H7E+7NGI7zyRNShn
	bNYRrbfjcnnwNRm17fw5c7ZL+79Do5SUcPGggC1x2aaiBktQtyNz3VX3UnXkbq+6DzA1tA
	VccBlvl+2XQ9Toma0iyBzkcGNuGq7lfEhAQuF3Gn2nngLr+Lfw6fmXfAPi9koL8ZNYkmSm
	RVbOTIosy0v/DiPSKClyYF9uOqtLTGTKYOQQXKGOfluEEK1R6mGfLkkoKQuiXA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1770785931;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=prmjqVOKBQo7gUVmxFK9WJsPLss0lTom+/XA9w8RE9I=;
	b=lLhz9xCQULrJOvOUngKsF9GQYx+y3uxlKk68nsR+Pw1yP/FW2J8IGpkpJVLNI9DQPu6Pbw
	DUpmmRCNWFMp/eX8Qw6T1ube2N+sNsUewtW9VEJwLF70ulInI8elgiffekVGuaHsyRMXxQ
	ISwS11Mr2nz/KrWaAGimDpsuxRNXDbaV8YazVkjGMqlPTQXxdefvT9UEFPrn68/DyAR81r
	Go3gUu9oBbovEJdj+42vNu3JRTLD44ksGh50AJ5G2wHWhsQ/5sbQwoMMynYfb51Iixj/px
	3P3ixvmAtkq6JAdy1NJC5FTz6ttsHibp6DWOCnntaFudq+taBCsd21KjJc3bDg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4f9mRb0xfrzbdj
	for <dev-commits-ports-all@FreeBSD.org>; Wed, 11 Feb 2026 04:58:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 244a0
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 11 Feb 2026 04:58:51 +0000
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Philip Paeps <philip@FreeBSD.org>
Subject: git: 1813fbe6b7c9 - main - security/vuxml: add FreeBSD SA issued on 2026-02-10
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1813fbe6b7c948259f251dd567c03de7af0e2977
Auto-Submitted: auto-generated
Date: Wed, 11 Feb 2026 04:58:51 +0000
Message-Id: <698c0c8b.244a0.5d9cae09@gitrepo.freebsd.org>

The branch main has been updated by philip:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1813fbe6b7c948259f251dd567c03de7af0e2977

commit 1813fbe6b7c948259f251dd567c03de7af0e2977
Author:     Philip Paeps <philip@FreeBSD.org>
AuthorDate: 2026-02-11 04:55:52 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2026-02-11 04:55:52 +0000

    security/vuxml: add FreeBSD SA issued on 2026-02-10
    
    FreeBSD-SA-26:03.blocklistd affects 15.0R
---
 security/vuxml/vuln/2026.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 48a808fcde36..4340808b5599 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,47 @@
+  <vuln vid="8d8012e5-0705-11f1-8148-bc241121aa0a">
+    <topic>FreeBSD -- blocklistd(8) socket leak</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>15.0</ge><lt>15.0_3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to a programming error, blocklistd leaks a socket descriptor
+	for each adverse event report it receives.</p>
+	<p>Once a certain number of leaked sockets is reached, blocklistd
+	becomes unable to run the helper script: a child process is forked,
+	but this child dereferences a null pointer and crashes before it
+	is able to exec the helper.  At this point, blocklistd still records
+	adverse events but is unable to block new addresses or unblock
+	addresses whose database entries have expired.</p>
+	<p>Once a second, much higher number of leaked sockets is reached,
+	blocklistd becomes unable to receive new adverse event reports.</p>
+	<h1>Impact:</h1>
+	<p>An attacker may take advantage of this by triggering a large
+	number of adverse events from sacrificial IP addresses to effectively
+	disable blocklistd before launching an attack.</p>
+	<p>Even in the absence of attacks or probes by would-be attackers,
+	adverse events will occur regularly in the course of normal operations,
+	and blocklistd will gradually run out file descriptors and become
+	ineffective.</p>
+	<p>The accumulation of open sockets may have knock-on effects on other
+	parts of the system, resulting in a general slowdown until blocklistd
+	is restarted.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-2261</cvename>
+      <freebsdsa>SA-26:03.blocklistd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2026-02-10</discovery>
+      <entry>2026-02-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9bc5a730-0585-11f1-85c5-a8a1599412c6">
     <topic>chromium -- multiple security fixes</topic>
     <affects>