Date:      Sun, 29 Jan 2023 11:36:35 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 269221] security/vuxml: document CVE-2017-11610 and CVE-2019-12105 for outdated versions of sysutils/py-supervisor
Message-ID:  <bug-269221-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269221

            Bug ID: 269221
           Summary: security/vuxml: document CVE-2017-11610 and
                    CVE-2019-12105 for outdated versions of
                    sysutils/py-supervisor
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: grahamperrin@freebsd.org
                CC: ports-secteam@FreeBSD.org, thomas@gibfest.dk

CVE-2019-12105 alone might be negligible (not worth a VuXML entry).

<https://github.com/advisories/GHSA-6x94-2xr2-xgw3>
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12105>


CVE-2017-11610 is more significant. If there'll be an entry for this one, then
there may as well be an entry for both.

<https://github.com/advisories/GHSA-x7c8-4x3h-874w>
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11610>

> The XML-RPC server in supervisor before 3.0.1,
> 3.1.x before 3.1.4,
> 3.2.x before 3.2.4, and
> 3.3.x before 3.3.3 allows remote authenticated users to execute
> arbitrary commands via a crafted XML-RPC request, related to
> nested supervisord namespace lookups.

-- 
You are receiving this mail because:
You are the assignee for the bug.


