Date: Sun, 16 Jun 2024 08:22:08 GMT From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 7b97499d3848 - main - security/vuxml: Document vulnerability in net/traefik Message-ID: <202406160822.45G8M8DC043957@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by riggs: URL: https://cgit.FreeBSD.org/ports/commit/?id=7b97499d38482d45c00fde03c1b2cb55558e7e68 commit 7b97499d38482d45c00fde03c1b2cb55558e7e68 Author: Thomas Zander <riggs@FreeBSD.org> AuthorDate: 2024-06-15 10:22:02 +0000 Commit: Thomas Zander <riggs@FreeBSD.org> CommitDate: 2024-06-16 08:22:04 +0000 security/vuxml: Document vulnerability in net/traefik Details: - Document Unexpected behavior with IPv4-mapped IPv6 addresses in net/traefik before 2.11.4, see: https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx --- security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index a69644a90896..9625555b8194 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,32 @@ + <vuln vid="219aaa1e-2aff-11ef-ab37-5404a68ad561"> + <topic>traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses</topic> + <affects> + <package> + <name>traefik</name> + <range><lt>2.11.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The traefik authors report:</p> + <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx">; + <p>There is a vulnerability in Go managing various Is methods + (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. + They didn't work as expected returning false for addresses + which would return true in their traditional IPv4 forms.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-24790</cvename> + <url>https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx</url>; + </references> + <dates> + <discovery>2024-06-05</discovery> + <entry>2024-06-15</entry> + </dates> + </vuln> + <vuln vid="a5c64f6f-2af3-11ef-a77e-901b0e9408dc"> <topic>go -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202406160822.45G8M8DC043957>