From owner-dev-commits-ports-main@freebsd.org Tue Apr 20 03:52:04 2021
Date: Tue, 20 Apr 2021 03:52:04 GMT
Message-Id: <202104200352.13K3q4Hp085097@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Don Lewis
Subject: git: 940cf9711a1e - main - security/vuxml: Document OpenOffice vulnerability CVE-2021-30245
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: truckman
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 940cf9711a1e9fffe0878f2c9bf916479f170972
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-ports-main@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commits to the main branch of the FreeBSD ports repository
X-List-Received-Date: Tue, 20 Apr 2021 03:52:04 -0000

The branch main has been updated by truckman:

URL: https://cgit.FreeBSD.org/ports/commit/?id=940cf9711a1e9fffe0878f2c9bf916479f170972

commit 940cf9711a1e9fffe0878f2c9bf916479f170972
Author:     Don Lewis
AuthorDate: 2021-04-20 03:49:20 +0000
Commit:     Don Lewis
CommitDate: 2021-04-20 03:49:20 +0000

    security/vuxml: Document OpenOffice vulnerability CVE-2021-30245
---
 security/vuxml/vuln.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 97c9911ca975..006e614389c2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,36 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution. + + + apache-openoffice + 4.1.10 + + + apache-openoffice-devel + 4.2.1612022694,4 + + + + +

The Apache Openofffice project reports:

+
+

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

+
+ +
+ + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245 + CVE-2021-30245 + + + 2021-01-25 + 2021-04-20 + +
+ Apache Maven -- multiple vulnerabilities
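Review bot: "Openofffice" in the added line "The Apache Openofffice project reports:" has an extra "f" and should read "OpenOffice", as it is spelled in the rest of the entry. The text at the top of the new entry is also the full advisory sentence ("All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. ...") where the neighbouring entry uses the short "Apache Maven -- multiple vulnerabilities" form, so a short "package -- summary" line would be consistent with it. The quoted report describes 4.1.10 as "(unreleased)" while the entry uses 4.1.10 as the version bound for apache-openoffice; it is worth confirming that the bound matches what the port will actually ship.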