From nobody Tue Jan 03 11:14:23 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NmVVl6Rwkz2qlPX; Tue, 3 Jan 2023 11:14:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NmVVl5wp4z4R92; Tue, 3 Jan 2023 11:14:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672744463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6i9WlKSNCmEh1e1h3Tas6lujt8mKuoViidHszAH6bQE=; b=k/lTtcINDHsGD+WBn9AeuaVFytJ38YouN5WNNi9lBUJ2PDLnpRzffQy0V7mk4OgX8SPueD 2vbjsmsFP6+cfIQ7F5Tb2V70HU18H301q4Butf5Xte4KK5is9gmLOm+03sT0tSX7ZXtv9+ FwyO+OpsLsr4lQedgDw4ww9G6k3tkB31XiDfIi5pr+Ylsqp8jf2BaFR9EJzxN/sGGGCFGg 4vLyQria3UByAC0vyY4nKq4nqOwg5LYU7Sll2LAsNOqgv6MXOzIw4W7qlESorTCMTyUhFz 1faK4Q2/6cFFNEwkBAyO9Z9FwFJRGAiy5aioswmGZUQfhIKEhB5S7MrKaYZ2hQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672744463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6i9WlKSNCmEh1e1h3Tas6lujt8mKuoViidHszAH6bQE=; b=OCGt8Jw2pxU1Ad5sSJqeunPqG5oLC/Ipsh2BYtWi1TfYDkNc62rZT31TTreu/oJrrkjvCD o6GPGrx6FJ+QGQas7YUtyWwqgik3YXnGaeG8oTeST6UlxZBtvDRRVAJsKxj8NcS1I3QdOd nFKgi9YscQ4vTSTT8Q/KGV3oja7R92PCZkprzcy4E6+AGtqu4EWdJy7tibheB9Ycb2HENT d9jPa3x8p8DuZkt1JuMFjKXAA3cjepmiXEFHI4UmqeWVoiHTRMNpqehqKPDam8XH10xYH/ JA3KjRs8hf5K+Fp7qkRqjlJQu81Z2PjBRekcD7izOvByTk2cX4ziPpRq+9fk6A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1672744463; a=rsa-sha256; cv=none; b=my4c4KW7nRr2rVGqpqPqkJ68T9Df8qLNV14o+Eeb/3FtahK4qaLElYnkT/YBW17g1FhWQW SFrac6a0xV/dLPm1CeQZIrSPjcgEldytHCr/ddUcMuOPMEWNmkz7/1eIHAdap7aSk6CYYn RTWCC2/dmBYjpk4BvDd8p8DGAmmtp9ebeMwA/9C6IEfdX3dO2FzECxeF1x1m/8x8spRJTa j6hSNfBEjCzTXRCQW8qw5TpwNFGXtSUpACbdirQeaSmAEnPVXAiQSmwpC2noWn5bmgcddE jt49DX6qGAFFGZRo9GwI4TP+WSJsKFDx3+h0NbEQ+2cysK8ftqTco+7tjjvPow== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NmVVl502LzVQZ; Tue, 3 Jan 2023 11:14:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 303BENhK047528; Tue, 3 Jan 2023 11:14:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 303BENM4047527; Tue, 3 Jan 2023 11:14:23 GMT (envelope-from git) Date: Tue, 3 Jan 2023 11:14:23 GMT Message-Id: <202301031114.303BENM4047527@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Thierry Thomas Subject: git: 7e559598e001 - 2023Q1 - security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: thierry X-Git-Repository: ports X-Git-Refname: refs/heads/2023Q1 X-Git-Reftype: branch X-Git-Commit: 7e559598e001276bd9d2652aebad1f0e977760f2 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch 2023Q1 has been updated by thierry: URL: https://cgit.FreeBSD.org/ports/commit/?id=7e559598e001276bd9d2652aebad1f0e977760f2 commit 7e559598e001276bd9d2652aebad1f0e977760f2 Author: Thierry Thomas AuthorDate: 2023-01-03 10:16:55 +0000 Commit: Thierry Thomas CommitDate: 2023-01-03 11:13:38 +0000 security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode Security: CVE-2022-4170 (cherry picked from commit 93b08b54dd5ecbc0fe26aa4660191a591e213f5f) --- security/vuxml/Makefile | 1 + security/vuxml/vuln/2023.xml | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/security/vuxml/Makefile b/security/vuxml/Makefile index 11132d8c65d5..1c5016141eb3 100644 --- a/security/vuxml/Makefile +++ b/security/vuxml/Makefile @@ -10,6 +10,7 @@ DIST_SUBDIR= vuxml MAINTAINER= ports-secteam@FreeBSD.org COMMENT= Vulnerability and eXposure Markup Language DTD +WWW= https://vuxml.freebsd.org/ LICENSE= BSD2CLAUSE diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 794ada3ebc27..8b880c07b232 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,32 @@ + + rxvt-unicode is vulnerable to a remote code execution + + + rxvt-unicode + 9.31 + + + + +

Marc Lehmann reports:

+
+

The biggest issue is resolving CVE-2022-4170, which allows command + execution inside urxvt from within the terminal (that means anything that + can output text in the terminal can start commands in the context of the + urxvt process, even remotely).

+
+ + + + CVE-2022-4170 + https://nvd.nist.gov/vuln/detail/CVE-2022-4170 + + + 2022-12-05 + 2023-01-03 + + + gitea -- multiple issues