Date: Sat, 08 Oct 2022 14:42:38 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 266905] ports-mgmt/poudriere
Message-ID: <bug-266905-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266905

            Bug ID: 266905
           Summary: ports-mgmt/poudriere
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: ian@south-border.com
          Assignee: bdrewery@FreeBSD.org
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

Is there any way to bump up the jquery version from 1.11.1 to something newer?
Nessus is reporting that that version is vulnerable.

File location is /usr/local/share/poudriere/html/assets/jquery-1.11.1.min.js.

The blurb from the scan is:

JQuery 1.2 < 3.5.0 Multiple XSS

Description
According to the self-reported version in the script, the version of JQuery
hosted on the remote web server is greater than or equal to 1.2 and prior to
3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on
PAN-OS, and/or the scenarios required for successful exploitation do not exist
on devices running a PAN-OS release.

Solution
Upgrade to JQuery version 3.5.0 or later.

See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007

Thanks,
Ian

--
You are receiving this mail because:
You are the assignee for the bug.
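
The check the scan blurb describes (self-reported version at least 1.2 and below 3.5.0) can be reproduced locally to find bundled jQuery copies under a web root. This is an added example, not part of the original report or of poudriere's code; the banner pattern and the sample files it creates are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Range quoted in the scan blurb: 1.2 <= version < 3.5.0
LOW, HIGH = (1, 2, 0), (3, 5, 0)

# Assumed banner shapes ("jQuery v1.11.1" / "jQuery JavaScript Library v3.5.0")
BANNER_RE = re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})")
# Fallback: version embedded in the file name, e.g. jquery-1.11.1.min.js
NAME_RE = re.compile(r"jquery[-.](\d+(?:\.\d+){1,2})(?:\.min)?\.js$", re.I)

def parse_version(text):
    """'1.11.1' -> (1, 11, 1). Integer tuples compare numerically; as
    strings, '1.11.1' sorts below '1.2' and would slip under the lower bound."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def self_reported_version(path):
    """Version the file claims for itself: header banner first, then file name."""
    head = Path(path).read_text(errors="replace")[:2048]
    m = BANNER_RE.search(head) or NAME_RE.search(Path(path).name)
    return parse_version(m.group(1)) if m else None

def in_flagged_range(version):
    return version is not None and LOW <= version < HIGH

def scan(root):
    """Return (relative path, version) for each jQuery file in the flagged range."""
    findings = []
    for path in sorted(Path(root).rglob("*.js")):
        if "jquery" not in path.name.lower():
            continue
        version = self_reported_version(path)
        if in_flagged_range(version):
            rel = path.relative_to(root).as_posix()
            findings.append((rel, ".".join(map(str, version))))
    return findings

def demo():
    """Scan a throwaway tree of constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        assets = Path(tmp) / "assets"
        assets.mkdir()
        (assets / "jquery-1.11.1.min.js").write_text("/*! jQuery v1.11.1 | constructed sample */\n")
        (assets / "jquery-3.6.0.min.js").write_text("/*! jQuery v3.6.0 | constructed sample */\n")
        (assets / "jquery.custom.js").write_text("// constructed sample, no banner\n")
        return scan(tmp)

if __name__ == "__main__":
    for rel, version in demo():
        print(f"{rel}: jQuery {version} is in the flagged range")
```

Like the scanner, this only reads the version the file claims for itself, so a renamed or patched copy needs a manual look.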