Date: Mon, 18 Sep 2023 03:06:28 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: "Jason E. Hale" <jhale@freebsd.org> Cc: Bernard Spil <brnrd@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability Message-ID: <ZQe-tN15B4UNaKUi@FreeBSD.org> In-Reply-To: <ZQdGjkvUsN1RjA8k@FreeBSD.org> References: <202309161328.38GDSngf016525@gitrepo.freebsd.org> <CAJE75NFU_dEGvhW2XQrjOVtQLow=-hBA1Xz4anW0AZf9tJ-oKw@mail.gmail.com> <ZQdGjkvUsN1RjA8k@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 17, 2023 at 06:33:50PM +0000, Alexey Dokuchaev wrote: > On Sun, Sep 17, 2023 at 02:23:22PM -0400, Jason E. Hale wrote: > > > commit a3dec5316c3e45a676eef22de283ad57ea6a3111 > > > > > > security/vuxml: Document cURL vulnerability > > > > > > PR: 273764 > > > Reported by: yasu > > > [...] > > > + <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75"> > > > + <topic>Roundcube -- XSS vulnerability</topic> > > > + <affects> > > > +-- > > > +2.42.0 > > > + > > > > You probably didn't mean to add this file. Could you remove it please? > > Could it be the reason why any "make" command in any port now complains > that it has known vulnerabilities? Never mind, committed attachment file is bogus, but apparently harmless. It's just my /var/db/pkg/vuln.xml somehow got corrupted, `pkg audit -F' had fixed the problem. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZQe-tN15B4UNaKUi>