From: Philip Paeps
To: Dan Langille
Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05
Date: Thu, 07 Dec 2023 08:34:32 +0800
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

On 2023-12-07 01:37:01 (+0800), Dan Langille wrote:
> On Tue, Dec 5, 2023, at 6:04 PM, Philip Paeps wrote:
>> The branch main has been updated by philip:
>>
>> URL:
>> https://cgit.FreeBSD.org/ports/commit/?id=a580d36be4c7a18862a6a110e8bc2ba14e695125
>>
>> commit a580d36be4c7a18862a6a110e8bc2ba14e695125
>> Author: Philip Paeps
>> AuthorDate: 2023-12-05 23:01:20 +0000
>> Commit: Philip Paeps
>> CommitDate: 2023-12-05 23:01:20 +0000
>>
>> security/vuxml: add FreeBSD SA released on 2023-12-05
>>
>> FreeBSD-SA-23:17.pf affects all supported releases (12.4, 13.2, 14.0).
>> ---
>> security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 41 insertions(+)
>>
>> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
>> index c484528898f7..6516a6a58f8a 100644
>> --- a/security/vuxml/vuln/2023.xml
>> +++ b/security/vuxml/vuln/2023.xml
>> @@ -1,3 +1,44 @@
>> +
>> + FreeBSD -- TCP spoofing vulnerability in pf(4)
>> +
>> +
>> + FreeBSD-kernel
>> + 14.014.0_2
>> + 13.213.2_7
>
> Houston, we have a problem.
>
> [17:31 r730-03 dvl ~] % freebsd-version -ukr
> 13.2-RELEASE-p4
> 13.2-RELEASE-p4
> 13.2-RELEASE-p7
>
> [17:35 r730-03 dvl ~] % /usr/local/etc/periodic/security/405.pkg-base-audit
>
> Checking for security vulnerabilities in base (userland & kernel):
> Host system:
> Database fetched: 2023-12-06T07:45+00:00
> FreeBSD-kernel-13.2_4 is vulnerable:
> FreeBSD -- TCP spoofing vulnerability in pf(4)
> CVE: CVE-2023-6534
> WWW: https://vuxml.FreeBSD.org/freebsd/9cbbc506-93c1-11ee-8e38-002590c1f29c.html
>
> 1 problem(s) in 1 installed package(s) found.
> 0 problem(s) in 0 installed package(s) found.
>
> ...
>
> I hope to avoid a situation where false positives continue until the
> user land and kernel are on the patch levels.

This is the same problem we've had before, isn't it? Did we find an
actual solution to that, or do we have to wait until the next SA brings
the freebsd-version numbers back in line?

In other words: is there anything I can do, right now, to make this
better for you? :-)

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
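
Review bot: the FreeBSD-kernel range on the last "+" line shown, which ends at 13.2_7, is matched against the patch level the kernel reports, and the quoted freebsd-version -ukr output in this thread shows one host reporting 13.2-RELEASE-p4 twice and 13.2-RELEASE-p7 once, which the audit then lists as FreeBSD-kernel-13.2_4 and which the thread describes as a false positive. Confirm which patch level a kernel carrying the fix actually reports and use that as the upper bound, or state in the entry text that the reported kernel level can lag behind the others, so that readers of the periodic output can tell a reporting mismatch from an unpatched system. The same check applies to the 14.0 range ending at 14.0_2 on the line above it.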