From nobody Mon Aug 14 14:11:24 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RPbt45Fzmz4qXpQ; Mon, 14 Aug 2023 14:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RPbt44qznz3LbR; Mon, 14 Aug 2023 14:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692022284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LXxLwgM4unuSQVxVd9KUBnm+VZpR6ezQYb15yrQfGeM=; b=W/CPE6iPrTKBtmODNXrfZ2KXJKViCJFP+fbfjba4Qhtc7EdYMpmLPGvKiOfJ/gvCJyDooM gQTvbLJv07SMDSw//suq63CjU62fg+6LN1JiJT/o2XK3U+rOYwZaRT+L7kfSBdSVgZ5dAu 6k5TNzLTyZ4au7wPnuXXPrOZa7H0ROD7vXizMLuwRTWVpyOJakwVzgI1AVeEU+IlbnJ244 qXUu0jywH9YUvHRvQfoIDp66S/vXv7oIkCgONc05VqfhaJ3aUJhHyxDUiXCT4TtCJ2viKv usdr5zXSJYN65fYdXHerLMUNFvepTXGMchvtj5CcMBj2UPUdbxDgIeN1PIFOLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692022284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LXxLwgM4unuSQVxVd9KUBnm+VZpR6ezQYb15yrQfGeM=; b=eS33R8zq7xRTtPjmzZWVjoQQe1ueZufzBLyoPXSTN80TEsEqlphOd+3yo5WAamgBo9sfEH ZjIzssE5cAuPMCtm9PnlHl9UZgd1sJ8zf5Qcx1EKXrD4/TQWtWcMsInq9Y52hM67lmGnHm KDnO64/170/jR+5vAFW1pFaWVeflF8FAs/xTyTMsCydieT+UPtwWqq9tmaf1aQS7tYQmF1 T6eSP7Vbefl5PRt5RlKe57FVx2uATQK9bu5It7nXnDGTZSLY3YXb7waEqsfJ2oAn7vFpkO Uby9gzjXqwbAigYrQwE1/hTq9mVL7XqCvO/v5hyLc/D1X4Uts3ZlInH9HPoJbw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692022284; a=rsa-sha256; cv=none; b=XnUnXp6x14lY0ciw1S33Vo3AU9b+1Zi08Ds1Qh464Bz4KNIHlrbJb6GAo7tuipgMf043qd b2VVNvBhyisCQ4E9BNn9Ukn1bwmYQNYcZ1WBDdS3xS8q2Ygld+Bd4rjrm9dOvM1n0DT3yg pgozKooAYlqNeF+E6px6TweR68VHxFcxjPvwCPlaPT9Oqw7R5Mr2ianTyANNZrsYcgHw1P 4izZ93YdBqTYDN3VIhAh4yjqZ73rX5syGbCFszGz3XxtjSOCfu08Kq4qRoB9U0aJdZ42mF MxmYuz0Pesvg6/UJmPkwN3/YTPwXk4Egu45YnuP88/MEFWNhNfRLQ6Z5qPy1KQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RPbt43v5RzXMR; Mon, 14 Aug 2023 14:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 37EEBOjf092013; Mon, 14 Aug 2023 14:11:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 37EEBOcS092010; Mon, 14 Aug 2023 14:11:24 GMT (envelope-from git) Date: Mon, 14 Aug 2023 14:11:24 GMT Message-Id: <202308141411.37EEBOcS092010@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: cc6eb206e592 - main - security/vuxml: add typo3 vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cc6eb206e592d6be6c11b92e733c56f4914ec9a9 Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=cc6eb206e592d6be6c11b92e733c56f4914ec9a9 commit cc6eb206e592d6be6c11b92e733c56f4914ec9a9 Author: Fernando ApesteguĂ­a AuthorDate: 2023-08-14 14:00:40 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2023-08-14 14:10:09 +0000 security/vuxml: add typo3 vulnerabilities https://typo3.org/article/typo3-1244-and-11530-security-releases-published CVE-2023-38500 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2023-38499 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2023-37905 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N PR: 273128 --- security/vuxml/vuln/2023.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 04a16d4ed0d1..d699f76f9400 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,39 @@ + + typo3 -- multiple vulnerabilities + + + typo3-11-php80 + typo3-11-php81 + 11.5.30 + + + typo3-12-php80 + typo3-12-php81 + 12.4.4 + + + + +

TYPO3 reports:

+
+

TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer

+

TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution

+

TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin

+
+ + + + + + + https://typo3.org/article/typo3-1244-and-11530-security-releases-published + + + 2023-07-25 + 2023-08-14 + + + postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies