Date: Mon, 16 Dec 2024 05:46:25 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 283357] security/vuxml: update entry for mail/thunderbird
Message-ID: <bug-283357-7788-jUnl2N85Ay@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-283357-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-283357-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283357

John Hein <jcfyecrayz@liamekaens.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #255886|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #2 from John Hein <jcfyecrayz@liamekaens.com> ---
Created attachment 255886
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=255886&action=edit
[patch] update thunderbird vuxml per upstream advisories

Attached is an update to security/vuxml/vuln/2024.xml, but it may not be
sufficient.  At first I was just going to change the vulnerable version from
'< 133' to < '128.5'.  But I think that it's safe to assume that the range from
129 - 132 is vulnerable.

I can't find a reference from Mozilla describing an analysis that might
indicate the starting version for these CVEs.  So while the 129-132 range may
be too broad, it's probably better to be safe and assume that range is affected
by the CVEs as well.

So this patch defines the vulnerable range for thunderbird as:

(< 128.5) and (>= 129 and < 133)

-- 
You are receiving this mail because:
You are the assignee for the bug.
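The range logic described in the message above, as an added example that is not part of the original message or of attachment 255886: a constructed VuXML-style fragment is parsed and constructed sample version strings are tested against it. Assumptions: version comparison is simplified to dotted numeric components, bounds inside one `<range>` must all hold, and separate `<range>` elements are treated as alternatives.

```python
import xml.etree.ElementTree as ET

# Constructed fragment encoding "(< 128.5) and (>= 129 and < 133)".
# It is an illustration, not the contents of the attached patch.
FRAGMENT = """
<package>
  <name>thunderbird</name>
  <range><lt>128.5</lt></range>
  <range><ge>129</ge><lt>133</lt></range>
</package>
"""

# Map each bound element name to a test on a three-way comparison result.
OPS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "eq": lambda c: c == 0,
    "ge": lambda c: c >= 0,
    "gt": lambda c: c > 0,
}


def cmp_versions(a, b):
    """Three-way compare of dotted numeric versions (simplified assumption:
    no PORTREVISION "_N" or PORTEPOCH ",N" suffixes are handled)."""
    ka = [int(p) for p in a.split(".")]
    kb = [int(p) for p in b.split(".")]
    width = max(len(ka), len(kb))
    ka += [0] * (width - len(ka))  # pad so 128.5 and 128.5.0 compare equal
    kb += [0] * (width - len(kb))
    return (ka > kb) - (ka < kb)


def load_ranges(xml_text):
    """Return one list of (operator, bound) pairs per <range> element."""
    pkg = ET.fromstring(xml_text)
    return [[(b.tag, b.text.strip()) for b in r] for r in pkg.findall("range")]


def is_affected(version, ranges):
    """True if the version satisfies every bound of at least one range."""
    return any(
        all(OPS[op](cmp_versions(version, bound)) for op, bound in r)
        for r in ranges
    )


def classify(versions, xml_text=FRAGMENT):
    ranges = load_ranges(xml_text)
    return {v: is_affected(v, ranges) for v in versions}
```

Running `classify` over versions on either side of each bound shows the gap left for 128.5.x between the two ranges.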