From nobody Fri Feb 18 06:57:10 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A790119D1C5A;
	Fri, 18 Feb 2022 06:57:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4K0MvB4Mx6z3Mpc;
	Fri, 18 Feb 2022 06:57:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1645167430;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HmaqDgD93Wxxx/qWkm29tVBTlYlfZf8MzBwMVAZPFtM=;
	b=EN+aLxc+vjCU5LoQ7gUO0JrGhksjl0KXfkd5RCeVuTwHzwL0zb3LMYzDo9bkxLl72xI1fb
	UdU81To/omtKgZ5GtNLZJt1gt1QuGemu72+qR80Mw690+MghbXg6ZJ6txTJR11JDVM+1QI
	rZsF8CCOA+HA/us1rH6sn7+n4lcmyGIKv9roMHh4KY82V90Xtb0CzCRcil0ahAwNKVfsHk
	LhZKl2Ioxo9W4gLxmF4so8jMXqReaXOTdnYVEXm/jNre24QM/yxGGwieWVjioGrfNI8tK5
	sOh5WiXs5ICmVnNtQVGvqPv8SjeIUV9YN9C8NvSEep1AoPp3umfVQBmGRx8rvA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6BE1418A77;
	Fri, 18 Feb 2022 06:57:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21I6vAFK030859;
	Fri, 18 Feb 2022 06:57:10 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21I6vAuL030858;
	Fri, 18 Feb 2022 06:57:10 GMT
	(envelope-from git)
Date: Fri, 18 Feb 2022 06:57:10 GMT
Message-Id: <202202180657.21I6vAuL030858@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Guangyuan Yang <ygy@FreeBSD.org>
Subject: git: 22f3abc58003 - main - security/vuxml: Document lang/go vulnerabilities
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ygy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 22f3abc580039858345135d5595a24ada983bd0c
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1645167430;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HmaqDgD93Wxxx/qWkm29tVBTlYlfZf8MzBwMVAZPFtM=;
	b=bkWeJzxyqeWYUW0wgz2RwamhK3am9b3DSBOKuB28EGUnEp0yoP70XqIDmgsBIOxcBc4F2b
	9dou8Tbswsbo9/3m33DaCC1fIxWyHpn287cxsb5rOjahDbINSFvFAZ2q1VLn7LdnbDoH9G
	pU9s26T8JiEKu8Og0r6G7rnX9TL94si+PRXs2mx2UkWEj6thZjC4N5e2dCdot0GUHptNcB
	NAN0Gh7DHoJSyLDgwelz/2tE+qF7sCrrGCRpJvi9hTxHxvcdJrlxquQBiAyx2J+EAzhHKE
	Pd0wHfdXa2/6ZLMoVzveaaWk+GEjw48F6WOl1Dy8b9CdZWAvATudUWYWhlldDg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645167430; a=rsa-sha256; cv=none;
	b=AYYKohzi4ip3Papg7T+gd9CIlcGDy/U1Ei5if6mU6FFILZ/DyrKidL6psMKBNYo7qqPrt8
	3tfrHvjxa+O1InWLjqwj9g+I9j1/uInH8IIYkRLXSa/VSt3mmC4c0YrlKfNGH1yT35U2Rv
	0vuxDkpzbvkyKQ1NTd9X/R2k1B9OBLwF9IUZDYnTJIpDjn3iFnIi1KnIVQAddL8izD9kmt
	0IE8Au9XJrDyqMXyyz/N9rsiiqO9n89IUepEmw7Kbhzpnn9Puvjywt4uYgNePAVE/EKz7W
	rza95jyFqYxjL9f7I39EBQ/AvZo0KhGR9+yZT7jvR7/Vno2OgymJ9htjGLE4/A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by ygy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=22f3abc580039858345135d5595a24ada983bd0c

commit 22f3abc580039858345135d5595a24ada983bd0c
Author:     Guangyuan Yang <ygy@FreeBSD.org>
AuthorDate: 2022-02-18 06:57:00 +0000
Commit:     Guangyuan Yang <ygy@FreeBSD.org>
CommitDate: 2022-02-18 06:57:00 +0000

    security/vuxml: Document lang/go vulnerabilities
---
 security/vuxml/vuln-2022.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index dbb32dd8738c..1a43c5a684a5 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,50 @@
+  <vuln vid="096ab080-907c-11ec-bb14-002324b2fba8">
+    <topic>go -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>go</name>
+	<range><lt>1.17.7,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Go project reports:</p>
+	<blockquote cite="https://github.com/golang/go/issues/50974">
+	  <p>crypto/elliptic: fix IsOnCurve for big.Int values that are not
+	    valid coordinates</p>
+	  <p>Some big.Int values that are not valid field elements (negative or
+	    overflowing) might cause Curve.IsOnCurve to incorrectly return true.
+	    Operating on those values may cause a panic or an invalid curve
+	    operation. Note that Unmarshal will never return such values.</p>
+	</blockquote>
+	<blockquote cite="https://github.com/golang/go/issues/50699">
+	  <p>math/big: prevent large memory consumption in Rat.SetString</p>
+	  <p>An attacker can cause unbounded memory growth in a program using
+	    (*Rat).SetString due to an unhandled overflow.</p>
+	</blockquote>
+	<blockquote cite="https://github.com/golang/go/issues/35671">
+	  <p>cmd/go: prevent branches from materializing into versions</p>
+	  <p>A branch whose name resembles a version tag (such as "v1.0.0" or
+	    "subdir/v2.0.0-dev") can be considered a valid version by the go
+	    command. Materializing versions from branches might be unexpected
+	    and bypass ACLs that limit the creation of tags but not branches.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-23806</cvename>
+      <url>https://github.com/golang/go/issues/50974</url>
+      <cvename>CVE-2022-23772</cvename>
+      <url>https://github.com/golang/go/issues/50699</url>
+      <cvename>CVE-2022-23773</cvename>
+      <url>https://github.com/golang/go/issues/35671</url>
+    </references>
+    <dates>
+      <discovery>2022-02-10</discovery>
+      <entry>2022-02-18</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e12432af-8e73-11ec-8bc4-3065ec8fd3ec">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>