Date: Sun, 13 Feb 2022 09:15:37 GMT
From: Kai Knoblich <kai@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 78783e7e4521 - main - security/vuxml: Document devel/py-twisted vulnerabilities
Message-ID: <202202130915.21D9Fbq4065423@gitrepo.freebsd.org>
The branch main has been updated by kai: URL: https://cgit.FreeBSD.org/ports/commit/?id=78783e7e45213fa7bb27f58e35858e13c780aeba commit 78783e7e45213fa7bb27f58e35858e13c780aeba Author: Sascha Biberhofer <ports@skyforge.at> AuthorDate: 2022-02-13 09:05:02 +0000 Commit: Kai Knoblich <kai@FreeBSD.org> CommitDate: 2022-02-13 09:14:32 +0000 security/vuxml: Document devel/py-twisted vulnerabilities PR: 261791 --- security/vuxml/vuln-2022.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 5e3a5b38499a..c66aca81ecf8 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,31 @@ + <vuln vid="24049967-88ec-11ec-88f5-901b0e934d69"> + <topic>py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects</topic> + <affects> + <package> + <name>py37-twisted</name> + <name>py38-twisted</name> + <name>py39-twisted</name> + <name>py310-twisted</name> + <range><lt>22.1.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Twisted developers report:</p> + <blockquote cite="https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx"> + <p> Cookie and Authorization headers are leaked when following cross-origin redirects in <code>twited.web.client.RedirectAgent</code> and <code>twisted.web.client.BrowserLikeRedirectAgent</code>.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx</url> + </references> + <dates> + <discovery>2022-02-07</discovery> + <entry>2022-02-13</entry> + </dates> + </vuln> + <vuln vid="d923fb0c-8c2f-11ec-aa85-0800270512f4"> <topic>zsh -- Arbitrary command execution vulnerability</topic> <affects>
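Review bot: The first module path inside the blockquote is misspelled: `twited.web.client.RedirectAgent` should read `twisted.web.client.RedirectAgent`, matching the `twisted.web.client.BrowserLikeRedirectAgent` path in the same sentence. Anyone searching the VuXML text for the affected class name will miss this entry as written. Separately, the `<references>` block carries only the GHSA advisory URL; if a CVE identifier has been assigned to this advisory, add it as a `<cvename>` element so the entry can be matched by CVE id as well as by URL.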
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202130915.21D9Fbq4065423>