From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 283357] security/vuxml: update entry for mail/thunderbird
Date: Mon, 16 Dec 2024 05:46:25 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283357

John Hein changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #255886|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #2 from John Hein ---
Created attachment 255886
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=255886&action=edit
[patch] update thunderbird vuxml per upstream advisories

Attached is an update to security/vuxml/vuln/2024.xml, but it may not be
sufficient. At first I was just going to change the vulnerable version from
'< 133' to < '128.5'. But I think that it's safe to assume that the range
from 129 - 132 is vulnerable.

I can't find a reference from Mozilla describing an analysis that might
indicate the starting version for these CVEs. So while the 129-132 range may
be too broad, it's probably better to be safe and assume that range is
affected by the CVEs as well.

So this patch defines the vulnerable range for thunderbird as:

(< 128.5) and (>= 129 and < 133)
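The range from the comment above, written as VuXML <range> elements and evaluated against sample versions. This is an added example, not the content of attachment 255886: the XML fragment and the version strings are constructed, and the comparison is a simplified dotted-numeric one rather than pkg's own version logic.

```python
import xml.etree.ElementTree as ET

# Constructed fragment: one way to express the range from the comment with
# VuXML <range> elements (not copied from attachment 255886).
VUXML_PACKAGE = """
<package>
  <name>thunderbird</name>
  <range><lt>128.5</lt></range>
  <range><ge>129</ge><lt>133</lt></range>
</package>
"""

def vkey(version, width=4):
    """Simplified dotted-numeric sort key (assumption: plain numeric versions;
    PORTREVISION, PORTEPOCH and letter suffixes are not handled)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

OPS = {
    "lt": lambda v, b: v < b,
    "le": lambda v, b: v <= b,
    "ge": lambda v, b: v >= b,
    "gt": lambda v, b: v > b,
    "eq": lambda v, b: v == b,
}

def load_ranges(xml_text):
    """Return a list of ranges; each range is a list of (op, bound) pairs."""
    pkg = ET.fromstring(xml_text)
    return [[(b.tag, b.text.strip()) for b in rng] for rng in pkg.findall("range")]

def is_vulnerable(version, ranges):
    """Bounds inside one <range> are ANDed; separate <range> elements are ORed."""
    v = vkey(version)
    return any(all(OPS[op](v, vkey(bound)) for op, bound in rng) for rng in ranges)

RANGES = load_ranges(VUXML_PACKAGE)

if __name__ == "__main__":
    # Constructed sample versions on both sides of each boundary.
    for ver in ["128.4.4", "128.5.0", "128.5.2", "129.0", "132.0.1", "133.0"]:
        state = "VULNERABLE" if is_vulnerable(ver, RANGES) else "ok"
        print(f"thunderbird {ver:8} -> {state}")
```

The gap between 128.5 and 129 is what keeps fixed 128.5.x builds from being flagged while 129 through 132 still match.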