From nobody Wed Sep 18 07:01:12 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X7qLc6lTBz5WNXf; Wed, 18 Sep 2024 07:01:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X7qLc6Cchz46C2; Wed, 18 Sep 2024 07:01:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726642872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=02lOtFqfRhmzgFx5K6gGNnB9Wj48MA0UptbiHJXNzLM=; b=S45zSwy30xbRT03Z9NLppnXNUNgZrBSdCFxWdcDLl6WJMiSZZYn6oHmTu4di5XtsKPVhKl qdi1vtam4xOjFvxy6Ynuyk3uAeI8hFLg0XCKmfSWZlWVIxPT8+18iuyEU+766WBFiMPgiS 8VIDhzoiPgwplwWSRRZBOJkAvmqrM7lhT51dJyjwojeceXQItbs84uDw8G3niddTUG8oxw CQCF2TCIimF04/OuAQQbdWHkNaVfMcjdCosycGcm+ULIuI1G/NgHcsBoFVq4mQkklYoY6b QB3dW2MviUdSNgoFSpaavXSP9CGttN3M5eFwEmVOo7fsAwrRjhUDE93qcKldJA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726642872; a=rsa-sha256; cv=none; b=X+6n8bdjHPIoR678EMmiOa/9RvRwVJRWINB88SPNasxgiQvXwmnsGhvK7MkIKurB2m7xfD xjUxglA/+WnUIdteHRBzn7bBgIn9hg9x/WsAiniHvEmLRLt2OZPCcUJcX4d/onPmr++lBo b5wm56vAMcnF8hed9l55RCUBCrQOcVO4ozPbbVjuvlcgk+blTrjAuriXfIHfW5LJ6R2FDL V4yP7gP+Va6MnpyS9nDDlLgNVK68eNIO6iU6yY7CpobLgtHTzR4/+9YdgydVtUBglvVpVy 6jKd/MdrsxSBtGJdbFGtfsJ0Okp9ClsVm223VtHx9ztrRopbmS1c+MfEJEDzXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726642872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=02lOtFqfRhmzgFx5K6gGNnB9Wj48MA0UptbiHJXNzLM=; b=cH/mBZ0+44Ttz5MbrHzaaTRH8rGho6qhaMQLdBl363cEMdtkFNeot8OT8tAoqiR0PP3PDF 8F7JLXoHz3yUwF6D0l2onTAyb/eVqC4LeLVV6QwhNNoCrDNoMYAG/IKBXie/WST+Z4bbhb i8JbBSV6UNg0QLUujuQWJZWjfw7lV7dIdoUoaeMWGqNmlWEV+djOHWBqBgBq0dErKBmLnp 1oVWsgFS7smLkmerhH6hU5J011wLwqnjUr7HEz62iD0d0PDE3a9w46SQHsys+Maon3na2E Q96VSieOUHaF2ZDJWF4J9ShRFS0DPsVYC8FTDMKRNuIs0JwC91+ty0xaEmsESQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X7qLc5prJz1B11; Wed, 18 Sep 2024 07:01:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48I71Cfp031774; Wed, 18 Sep 2024 07:01:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48I71Cu2031771; Wed, 18 Sep 2024 07:01:12 GMT (envelope-from git) Date: Wed, 18 Sep 2024 07:01:12 GMT Message-Id: <202409180701.48I71Cu2031771@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Fechner Subject: git: 2e762b70abf9 - main - security/vuxml: document gitlab vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mfechner X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2e762b70abf959ddaa79255228795fab45e3eb4c Auto-Submitted: auto-generated The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=2e762b70abf959ddaa79255228795fab45e3eb4c commit 2e762b70abf959ddaa79255228795fab45e3eb4c Author: Matthias Fechner AuthorDate: 2024-09-18 07:00:19 +0000 Commit: Matthias Fechner CommitDate: 2024-09-18 07:01:07 +0000 security/vuxml: document gitlab vulnerability --- security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 629f49a7fe79..fa69689bed0f 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,32 @@ + + Gitlab -- vulnerabilities + + + gitlab-ce + gitlab-ee + 17.3.017.3.3 + 17.2.017.2.7 + 017.1.8 + + + + +

Gitlab reports:

+
+

SAML authentication bypass

+
+ + + + CVE-2024-45409 + https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/ + + + 2024-09-17 + 2024-09-18 + + + OpenSSH -- Pre-authentication async signal safety issue