Date: Sat, 04 Jul 2026 14:09:21 +0000 From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: f4c5557d84ef - main - security/vuxml: Document multiple vulnerabilities in traefik Message-ID: <6a491411.3b555.5d81b75a@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by riggs: URL: https://cgit.FreeBSD.org/ports/commit/?id=f4c5557d84ef308a30468d472879d987892fed1a commit f4c5557d84ef308a30468d472879d987892fed1a Author: Thomas Zander <riggs@FreeBSD.org> AuthorDate: 2026-07-04 14:08:41 +0000 Commit: Thomas Zander <riggs@FreeBSD.org> CommitDate: 2026-07-04 14:09:19 +0000 security/vuxml: Document multiple vulnerabilities in traefik --- security/vuxml/vuln/2026.xml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 4617ac143e15..28aaf8039844 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,35 @@ + <vuln vid="803b9816-77af-11f1-ba71-5404a68ad561"> + <topic>traefik -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>traefik</name> + <range><lt>3.7.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The traefik project releases a new version addressing multiple CVEs:</p> + <blockquote cite="https://github.com/traefik/traefik/releases/tag/v3.7.6"> + <ul> + <li>CVE-2026-54763 (underscore-variant identity spoofing)</li> + <li>CVE-2026-54764 (ForwardAuth middleware leaks X-Forwarded-Port spoofing)</li> + <li>CVE-2026-54765 (Gateway HTTPRoute backendRef filters can leak backend context)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-54763</cvename> + <cvename>CVE-2026-54764</cvename> + <cvename>CVE-2026-54765</cvename> + <url>https://github.com/traefik/traefik/releases/tag/v3.7.6</url> + </references> + <dates> + <discovery>2026-06-30</discovery> + <entry>2026-07-04</entry> + </dates> + </vuln> + <vuln vid="dfa2ef44-7785-11f1-99fc-40b034429ecf"> <topic>p5-CGI-Session -- secuity fixes</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a491411.3b555.5d81b75a>
