Date: Wed, 25 Sep 2019 23:07:20 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r512860 - head/security/vuxml Message-ID: <201909252307.x8PN7KsB067868@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu Date: Wed Sep 25 23:07:20 2019 New Revision: 512860 URL: https://svnweb.freebsd.org/changeset/ports/512860 Log: Document Jenkins Security Advisory 2019-09-25 Sponsored by: The FreeBSD Foundation Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 25 22:37:43 2019 (r512859) +++ head/security/vuxml/vuln.xml Wed Sep 25 23:07:20 2019 (r512860) @@ -58,6 +58,53 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="9720bb39-f82a-402f-9fe4-e2c875bdda83"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><le>2.196</le></range> + </package> + <package> + <name>jenkins-lts</name> + <range><le>2.176.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Jenkins Security Advisory:</p> + <blockquote cite="https://jenkins.io/security/advisory/2019-09-25/">; + <h1>Description</h1> + <h5>(Medium) SECURITY-1498 / CVE-2019-10401</h5> + <p>Stored XSS vulnerability in expandable textbox form control</p> + <h5>(Medium) SECURITY-1525 / CVE-2019-10402</h5> + <p>XSS vulnerability in combobox form control</p> + <h5>(Medium) SECURITY-1537 (1) / CVE-2019-10403</h5> + <p>Stored XSS vulnerability in SCM tag action tooltip</p> + <h5>(Medium) SECURITY-1537 (2) / CVE-2019-10404</h5> + <p>Stored XSS vulnerability in queue item tooltip</p> + <h5>(Medium) SECURITY-1505 / CVE-2019-10405</h5> + <p>Diagnostic web page exposed Cookie HTTP header</p> + <h5>(Medium) SECURITY-1471 / CVE-2019-10406</h5> + <p>XSS vulnerability in Jenkins URL setting</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2019-10401</cvename> + <cvename>CVE-2019-10402</cvename> + <cvename>CVE-2019-10403</cvename> + <cvename>CVE-2019-10404</cvename> + <cvename>CVE-2019-10405</cvename> + <cvename>CVE-2019-10406</cvename> + <url>https://jenkins.io/security/advisory/2019-09-25/</url>; + </references> + <dates> + <discovery>2019-09-25</discovery> + <entry>2019-09-25</entry> + </dates> + </vuln> + <vuln vid="20b92374-d62a-11e9-af73-001b217e4ee5"> <topic>ISC KEA -- Multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909252307.x8PN7KsB067868>