From nobody Sat Dec 10 18:46:42 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NTxhH0Djrz4k9XR;
	Sat, 10 Dec 2022 18:47:11 +0000 (UTC)
	(envelope-from thomas.e.zander@googlemail.com)
Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NTxhG5kMgz3Pt7;
	Sat, 10 Dec 2022 18:47:10 +0000 (UTC)
	(envelope-from thomas.e.zander@googlemail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-3b48b139b46so93348217b3.12;
        Sat, 10 Dec 2022 10:47:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XN1h0YD5pDeFKxrMelukYk/wVHkAFJorvhoF9XQDzYk=;
        b=QGUkj+UgahTS+PdssjtgcG+sjYbJa7YAs5FuqQ8onrLIsq9qHiQmZLoOTJXqVfyU6c
         /gaZ6pqf7uwP1Td2tX15wPJ1QkvJjjRoXNpKNHLrmsZaH28T9kaIEL2KlEypEWbaIMS+
         7UqMpolqn3PLzssIoA75eCUA98U3l9cIChpGEm6YlIAGMvYVszqG1+MkCoQNoTzteCsr
         yXVQDWBChPxCpAYDHx8kitbFtJSDjpcxLgk3Tr71HHOucMxXxcuNE2Zdp3Y2gAMIOnm6
         ZlEFCTIMupWqDXKXkwHLUFiAyEVYyAaOvgBBmFOpSxEJGfRRGXHX5DoUMdSS++Hm8eta
         nBiA==
X-Gm-Message-State: ANoB5pmAndUnBM7Wdedf8vz4ff5niMHsi08oNlKRkj7X0jCadv606vlG
	Ta0HDdzGarruVCUmdkeKBbyse9T/SOqKRv+UaDrTbQ44R6k=
X-Google-Smtp-Source: AA0mqf7SdQrH9dxVdC/L2V3zZJs4LPna3jm7Aes22FTsUE12MnZoE1tybGGNP9uboFr263/n1sB0WmqT3r5qXeUqbos=
X-Received: by 2002:a05:690c:883:b0:402:69ac:9bb4 with SMTP id
 cd3-20020a05690c088300b0040269ac9bb4mr3571086ywb.438.1670698029571; Sat, 10
 Dec 2022 10:47:09 -0800 (PST)
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
References: <202212101408.2BAE8tk5003135@gitrepo.freebsd.org>
In-Reply-To: <202212101408.2BAE8tk5003135@gitrepo.freebsd.org>
From: Thomas Zander <riggs@freebsd.org>
Date: Sat, 10 Dec 2022 19:46:42 +0100
Message-ID: <CAFU734zciZuAeEjFy17LSOc8z4uynJo=qT2zwJYXseSRN1bAtQ@mail.gmail.com>
Subject: Re: git: 072998df6d44 - main - security/vuxml: Document multiple xrdp vulnerabilities
To: Koichiro Iwao <meta@freebsd.org>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, 
	dev-commits-ports-main@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 4NTxhG5kMgz3Pt7
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
	TAGGED_FROM(0.00)[]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

FYI this did not pass "make validate" due to whitespace
inconsistencies. It is fixed now, but please always check if "make
validate" passes before submitting changes to the vuxml port. Thank
you! :)

On Sat, 10 Dec 2022 at 15:08, Koichiro Iwao <meta@freebsd.org> wrote:
>
> The branch main has been updated by meta:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=072998df6d4408d7bc6104d431205c9b3c385fc4
>
> commit 072998df6d4408d7bc6104d431205c9b3c385fc4
> Author:     Koichiro Iwao <meta@FreeBSD.org>
> AuthorDate: 2022-12-10 14:04:49 +0000
> Commit:     Koichiro Iwao <meta@FreeBSD.org>
> CommitDate: 2022-12-10 14:07:46 +0000
>
>     security/vuxml: Document multiple xrdp vulnerabilities
>
>     Obrained from:  https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21
> ---
>  security/vuxml/vuln/2022.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 48 insertions(+)
>
> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
> index 9d3f44c38d5d..89f9378a6798 100644
> --- a/security/vuxml/vuln/2022.xml
> +++ b/security/vuxml/vuln/2022.xml
> @@ -1,3 +1,51 @@
> +  <vuln vid="ba94433c-7890-11ed-859e-1c61b4739ac9">
> +    <topic>xrdp -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +       <name>xrdp</name>
> +       <range><lt>0.9.21</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">
> +       <p>xrdp project reports:</p>
> +       <blockquote cite="https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21">
> +         <p>This update is recommended for all xrdp users and provides following important security fixes:</p>
> +         <ul>
> +            <li>CVE-2022-23468</li>
> +            <li>CVE-2022-23477</li>
> +            <li>CVE-2022-23478</li>
> +            <li>CVE-2022-23479</li>
> +            <li>CVE-2022-23480</li>
> +            <li>CVE-2022-23481</li>
> +            <li>CVE-2022-23483</li>
> +            <li>CVE-2022-23482</li>
> +            <li>CVE-2022-23484</li>
> +            <li>CVE-2022-23493</li>
> +         </ul>
> +          <p>These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.</p>
> +       </blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2022-23468</cvename>
> +      <cvename>CVE-2022-23477</cvename>
> +      <cvename>CVE-2022-23478</cvename>
> +      <cvename>CVE-2022-23479</cvename>
> +      <cvename>CVE-2022-23480</cvename>
> +      <cvename>CVE-2022-23481</cvename>
> +      <cvename>CVE-2022-23483</cvename>
> +      <cvename>CVE-2022-23482</cvename>
> +      <cvename>CVE-2022-23484</cvename>
> +      <cvename>CVE-2022-23493</cvename>
> +      <url>https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21</url>
> +    </references>
> +    <dates>
> +      <discovery>2022-12-01</discovery>
> +      <entry>2022-12-10</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="050eba46-7638-11ed-820d-080027d3a315">
>      <topic>Python -- multiple vulnerabilities</topic>
>      <affects>