Date: Sun, 14 Aug 2022 17:00:51 GMT From: Nuno Teixeira <eduardo@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 38ed2b0a6bbf - main - security/vuxml: Document Apache Tomcat vulnerability Message-ID: <202208141700.27EH0plq041831@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by eduardo: URL: https://cgit.FreeBSD.org/ports/commit/?id=38ed2b0a6bbff1b4b89ae84b89d1cf044779c3c7 commit 38ed2b0a6bbff1b4b89ae84b89d1cf044779c3c7 Author: Nuno Teixeira <eduardo@FreeBSD.org> AuthorDate: 2022-08-14 16:50:46 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2022-08-14 17:00:29 +0000 security/vuxml: Document Apache Tomcat vulnerability CVE-2022-34305 Apache Tomcat - XSS in examples web application PR: 265821 Approved by: riggs (ports-secteam) --- security/vuxml/vuln-2022.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 98f59a598022..e0ded3642995 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,48 @@ + <vuln vid="e2e7faf9-1b51-11ed-ae46-002b67dfc673"> + <topic>Tomcat -- XSS in examples web application</topic> + <affects> + <package> + <name>tomcat</name> + <range><ge>8.5.50</ge><lt>8.5.81</lt></range> + <range><ge>9.0.30</ge><lt>9.0.64</lt></range> + <range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range> + <range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range> + </package> + <package> + <name>tomcat85</name> + <range><ge>8.5.50</ge><lt>8.5.81</lt></range> + </package> + <package> + <name>tomcat9</name> + <range><ge>9.0.30</ge><lt>9.0.64</lt></range> + </package> + <package> + <name>tomcat10</name> + <range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range> + </package> + <package> + <name>tomcat-devel</name> + <range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Apache Tomcat reports:</p> + <blockquote cite="https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k">; + <p>The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-34305</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305</url>; + </references> + <dates> + <discovery>2022-06-22</discovery> + <entry>2022-08-14</entry> + </dates> + </vuln> + <vuln vid="75c073cc-1a1d-11ed-bea0-48ee0c739857"> <topic>XFCE tumbler -- Vulnerability in the GStreamer plugin</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202208141700.27EH0plq041831>