Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Feb 2023 08:49:11 -0500
From:      "Dan Langille" <dan@langille.org>
To:        "Wen Heping" <wen@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   Re: git: 7cd59a7b0d9c - main - security/vuxml: Document Django multiple vulnerabilities
Message-ID:  <62b4686d-491e-4224-9ddb-7935bbf7f129@app.fastmail.com>
In-Reply-To: <202302141204.31EC4H4m043168@gitrepo.freebsd.org>
References:  <202302141204.31EC4H4m043168@gitrepo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 14, 2023, at 7:04 AM, Wen Heping wrote:
> The branch main has been updated by wen:
>
> URL: 
> https://cgit.FreeBSD.org/ports/commit/?id=7cd59a7b0d9c15b24dae177e6feafea107670ff5
>
> commit 7cd59a7b0d9c15b24dae177e6feafea107670ff5
> Author:     Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2023-02-14 12:03:26 +0000
> Commit:     Wen Heping <wen@FreeBSD.org>
> CommitDate: 2023-02-14 12:03:59 +0000
>
>     security/vuxml: Document Django multiple vulnerabilities
> ---
>  security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 41 insertions(+)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
> index a3feb1c2e6d7..9cc6385ce320 100644
> --- a/security/vuxml/vuln/2023.xml
> +++ b/security/vuxml/vuln/2023.xml
> @@ -1,3 +1,44 @@
> +  <vuln vid="9c9ee9a6-ac5e-11ed-9323-080027d3a315">
> +    <topic>Django -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +	<name>py37-django32</name>
> +	<name>py38-django32</name>
> +	<name>py39-django32</name>
> +	<name>py310-django32</name>
> +	<range><lt>3.2.18</lt></range>
> +      </package>
> +      <package>
> +	<name>py38-django40</name>
> +	<name>py39-django40</name>
> +	<name>py310-django40</name>
> +	<range><lt>4.0.10</lt></range>
> +      </package>
> +      <package>
> +	<name>py38-django41</name>
> +	<name>py39-django41</name>
> +	<name>py310-django41</name>
> +	<range><lt>4.1.7/range>

The above has incorrect tags.I think it might be:

	<range><lt>4.1.7</lt></range>

But I'm not sure.


> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">;
> +	<p>Django reports:</p>
> +	<blockquote 
> cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/">;
> +	  <p>CVE-2023-24580: Potential denial-of-service vulnerability in 
> file uploads.</p>
> +	</blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2023-24580</cvename>
> +      
> <url>https://www.djangoproject.com/weblog/2023/feb/14/security-releases/</url>;
> +    </references>
> +    <dates>
> +      <discovery>2023-02-01</discovery>
> +      <entry>2023-02-14</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="0a7a5dfb-aba4-11ed-be2c-001cc0382b2f">
>      <topic>GnuTLS -- timing sidechannel in RSA decryption</topic>
>      <affects>

-- 
  Dan Langille
  dan@langille.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?62b4686d-491e-4224-9ddb-7935bbf7f129>