Date: Sat, 10 Dec 2022 19:46:42 +0100 From: Thomas Zander <riggs@freebsd.org> To: Koichiro Iwao <meta@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 072998df6d44 - main - security/vuxml: Document multiple xrdp vulnerabilities Message-ID: <CAFU734zciZuAeEjFy17LSOc8z4uynJo=qT2zwJYXseSRN1bAtQ@mail.gmail.com> In-Reply-To: <202212101408.2BAE8tk5003135@gitrepo.freebsd.org> References: <202212101408.2BAE8tk5003135@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
FYI this did not pass "make validate" due to whitespace inconsistencies. It is fixed now, but please always check if "make validate" passes before submitting changes to the vuxml port. Thank you! :) On Sat, 10 Dec 2022 at 15:08, Koichiro Iwao <meta@freebsd.org> wrote: > > The branch main has been updated by meta: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=072998df6d4408d7bc6104d431205c9b3c385fc4 > > commit 072998df6d4408d7bc6104d431205c9b3c385fc4 > Author: Koichiro Iwao <meta@FreeBSD.org> > AuthorDate: 2022-12-10 14:04:49 +0000 > Commit: Koichiro Iwao <meta@FreeBSD.org> > CommitDate: 2022-12-10 14:07:46 +0000 > > security/vuxml: Document multiple xrdp vulnerabilities > > Obrained from: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21 > --- > security/vuxml/vuln/2022.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 48 insertions(+) > > diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml > index 9d3f44c38d5d..89f9378a6798 100644 > --- a/security/vuxml/vuln/2022.xml > +++ b/security/vuxml/vuln/2022.xml > @@ -1,3 +1,51 @@ > + <vuln vid="ba94433c-7890-11ed-859e-1c61b4739ac9"> > + <topic>xrdp -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>xrdp</name> > + <range><lt>0.9.21</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml">; > + <p>xrdp project reports:</p> > + <blockquote cite="https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21">; > + <p>This update is recommended for all xrdp users and provides following important security fixes:</p> > + <ul> > + <li>CVE-2022-23468</li> > + <li>CVE-2022-23477</li> > + <li>CVE-2022-23478</li> > + <li>CVE-2022-23479</li> > + <li>CVE-2022-23480</li> > + <li>CVE-2022-23481</li> > + <li>CVE-2022-23483</li> > + <li>CVE-2022-23482</li> > + <li>CVE-2022-23484</li> > + <li>CVE-2022-23493</li> > + </ul> > + <p>These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2022-23468</cvename> > + <cvename>CVE-2022-23477</cvename> > + <cvename>CVE-2022-23478</cvename> > + <cvename>CVE-2022-23479</cvename> > + <cvename>CVE-2022-23480</cvename> > + <cvename>CVE-2022-23481</cvename> > + <cvename>CVE-2022-23483</cvename> > + <cvename>CVE-2022-23482</cvename> > + <cvename>CVE-2022-23484</cvename> > + <cvename>CVE-2022-23493</cvename> > + <url>https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21</url>; > + </references> > + <dates> > + <discovery>2022-12-01</discovery> > + <entry>2022-12-10</entry> > + </dates> > + </vuln> > + > <vuln vid="050eba46-7638-11ed-820d-080027d3a315"> > <topic>Python -- multiple vulnerabilities</topic> > <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFU734zciZuAeEjFy17LSOc8z4uynJo=qT2zwJYXseSRN1bAtQ>