From nobody Tue Jan 03 11:12:30 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NmVSZ5l8Gz2qlWN; Tue, 3 Jan 2023 11:12:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NmVSZ5BFJz4R15; Tue, 3 Jan 2023 11:12:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672744350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k5Z8qcdvvIEL8hFlekuuW9DNGo+aDyP3TUZaofyHsRM=; b=gDYOYjIAPb3TbPo6atTBMo7N0dHwrJRyw983Xostbm7LWaEpMINxW9Xu7WoZeCVdUjD51f NMKavCsaGOCJO5aaIguhmloz31A5c5ErkZQL9xg9Nmaik9yt8uFuQpIKZgeuhvNzRR4MGO BX5wKijFvnv/svZ9s68Ii9Hep0l+jcXc/SxbqPuvI70+gUCgKxy5/SqPsBVeYWX95ZvxaJ L9iIMgmPXk5zViO6N0j0EzXw5uQM5IlpznU3xbtXbYUN0FboYijpwiJ2a6vXZjs01OjQso a1wELn+O+Q5/1EqD7bnh/lsXzhfr87vmsjYNwwwLlTRfPhgGrytBINpCfq4GTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672744350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k5Z8qcdvvIEL8hFlekuuW9DNGo+aDyP3TUZaofyHsRM=; b=Nhf0WY6EnqoCcljPis2AoafFi9giqCvIEs9YAh/PoZQljo+r/D9HHWT3l06+VXZ/E09EJT 7dlYSSBnI5I02W1a/dO9TX375eMcKHeHC/zUPSigf2wganz9UZV4VW49PaevNGBeVeeuHd oOTAQax50wyotrQrkn6BtOXInojXmM2JmAL7Sz1CBpifslkobg8QSCefEEwCniznrRv0qP ZhP/xijqCCTe6M/n0zR5d9djhZeBePwi+bXWvSb2jWXplhuHII0juSKh5qiPJh1crfDTPa VNvDqm7QlYdMKmYrdmK8heFDCxew9onaklow6wbQ/b7mfK2lIl5noLa7Jbll2w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1672744350; a=rsa-sha256; cv=none; b=Yc6SCgFOqSLunjtX6qMAf+AFfI45EkchyGrHIohM8lvIKS0eTIYjPQqHgTVGV1BkldaXbW ZTTeQffndo2yfMH1Icr7vQh7wcnuDB4MozuPAhDo39lHgp2DmW6+A+Mje095lNK2vU71gN roB8xRt9gnFwtq5NA9CRvDahB8q7zdR62sSfwn384B+l1OlcMn/WWNSeUm8d7DiEqVycPV mVl43W/c3USRZ1IO2+gvtvKcEZFGL6LyiMrWSX7/CDv9QQY5crcAhOwkKqxz73JqVZ1G8/ ub4rzDF/fPHl4741PYrdln8hKx1TG0mUiK3GZ7p2K73uvWuEoh0o6uZU95EjjA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NmVSZ4DCczTSM; Tue, 3 Jan 2023 11:12:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 303BCUvR047154; Tue, 3 Jan 2023 11:12:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 303BCUgD047153; Tue, 3 Jan 2023 11:12:30 GMT (envelope-from git) Date: Tue, 3 Jan 2023 11:12:30 GMT Message-Id: <202301031112.303BCUgD047153@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Thierry Thomas Subject: git: 93b08b54dd5e - main - security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: thierry X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 93b08b54dd5ecbc0fe26aa4660191a591e213f5f Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by thierry: URL: https://cgit.FreeBSD.org/ports/commit/?id=93b08b54dd5ecbc0fe26aa4660191a591e213f5f commit 93b08b54dd5ecbc0fe26aa4660191a591e213f5f Author: Thierry Thomas AuthorDate: 2023-01-03 10:16:55 +0000 Commit: Thierry Thomas CommitDate: 2023-01-03 11:12:27 +0000 security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode Security: CVE-2022-4170 --- security/vuxml/Makefile | 1 + security/vuxml/vuln/2023.xml | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/security/vuxml/Makefile b/security/vuxml/Makefile index 11132d8c65d5..1c5016141eb3 100644 --- a/security/vuxml/Makefile +++ b/security/vuxml/Makefile @@ -10,6 +10,7 @@ DIST_SUBDIR= vuxml MAINTAINER= ports-secteam@FreeBSD.org COMMENT= Vulnerability and eXposure Markup Language DTD +WWW= https://vuxml.freebsd.org/ LICENSE= BSD2CLAUSE diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 794ada3ebc27..8b880c07b232 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,32 @@ + + rxvt-unicode is vulnerable to a remote code execution + + + rxvt-unicode + 9.31 + + + + +

Marc Lehmann reports:

+
+

The biggest issue is resolving CVE-2022-4170, which allows command + execution inside urxvt from within the terminal (that means anything that + can output text in the terminal can start commands in the context of the + urxvt process, even remotely).

+
+ + + + CVE-2022-4170 + https://nvd.nist.gov/vuln/detail/CVE-2022-4170 + + + 2022-12-05 + 2023-01-03 + + + gitea -- multiple issues