Date: Sun, 17 Sep 2023 18:33:50 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: "Jason E. Hale" <jhale@freebsd.org> Cc: Bernard Spil <brnrd@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability Message-ID: <ZQdGjkvUsN1RjA8k@FreeBSD.org> In-Reply-To: <CAJE75NFU_dEGvhW2XQrjOVtQLow=-hBA1Xz4anW0AZf9tJ-oKw@mail.gmail.com> References: <202309161328.38GDSngf016525@gitrepo.freebsd.org> <CAJE75NFU_dEGvhW2XQrjOVtQLow=-hBA1Xz4anW0AZf9tJ-oKw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 17, 2023 at 02:23:22PM -0400, Jason E. Hale wrote: > > commit a3dec5316c3e45a676eef22de283ad57ea6a3111 > > > > security/vuxml: Document cURL vulnerability > > > > PR: 273764 > > Reported by: yasu > > [...] > > + <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75"> > > + <topic>Roundcube -- XSS vulnerability</topic> > > + <affects> > > +-- > > +2.42.0 > > + > > You probably didn't mean to add this file. Could you remove it please? Could it be the reason why any "make" command in any port now complains that it has known vulnerabilities? Preceding lines are: pkg-static: Invalid end of XML pkg-static: cannot process vulnxml ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZQdGjkvUsN1RjA8k>