Date: Fri, 10 Apr 2026 20:20:41 +0000 From: Yusuf Yaman <nxjoseph@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 050b652ec0a0 - main - security/vuxml: Add DNSdist vulnerabilities Message-ID: <69d95b99.44523.108b67ea@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by nxjoseph: URL: https://cgit.FreeBSD.org/ports/commit/?id=050b652ec0a002f88a1373b816ef2b7d7b53756b commit 050b652ec0a002f88a1373b816ef2b7d7b53756b Author: Yusuf Yaman <nxjoseph@FreeBSD.org> AuthorDate: 2026-04-10 17:39:31 +0000 Commit: Yusuf Yaman <nxjoseph@FreeBSD.org> CommitDate: 2026-04-10 20:20:08 +0000 security/vuxml: Add DNSdist vulnerabilities PR: 294225 Approved by: osa (mentor) --- security/vuxml/vuln/2026.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index c6256911035d..9b1b7635048b 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,43 @@ + <vuln vid="431c2753-3503-11f1-bc6d-3c7c3fba4204"> + <topic>DNSdist -- vulnerabilities</topic> + <affects> + <package> + <name>dnsdist</name> + <range><lt>2.0.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports:</p> + <blockquote cite="https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html">; + <ul> + <li>CVE-2026-0396: HTML injection in the web dashboard</li> + <li>CVE-2026-0397: Information disclosure via CORS misconfiguration</li> + <li>CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua</li> + <li>CVE-2026-24029: DNS over HTTPS ACL bypass</li> + <li>CVE-2026-24030: Unbounded memory allocation for DoQ and DoH3</li> + <li>CVE-2026-27853: Out-of-bounds write when rewriting large DNS packets</li> + <li>CVE-2026-27854: Use after free when parsing EDNS options in Lua</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-0396</cvename> + <cvename>CVE-2026-0397</cvename> + <cvename>CVE-2026-24028</cvename> + <cvename>CVE-2026-24029</cvename> + <cvename>CVE-2026-24030</cvename> + <cvename>CVE-2026-27853</cvename> + <cvename>CVE-2026-27854</cvename> + <url>https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html</url>; + </references> + <dates> + <discovery>2026-03-31</discovery> + <entry>2026-04-10</entry> + </dates> + </vuln> + <vuln vid="d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204"> <topic>Mbed TLS -- vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69d95b99.44523.108b67ea>