Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability

Reply: Alexey Dokuchaev : "Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability"
In reply to: Jason E. Hale: "Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alexey Dokuchaev <danfe_at_freebsd.org>
Date: Sun, 17 Sep 2023 18:33:50 UTC

On Sun, Sep 17, 2023 at 02:23:22PM -0400, Jason E. Hale wrote:
> > commit a3dec5316c3e45a676eef22de283ad57ea6a3111
> >
> >   security/vuxml: Document cURL vulnerability
> >
> >   PR:             273764
> >   Reported by:    yasu
> > [...]
> > +   <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75">
> > +     <topic>Roundcube -- XSS vulnerability</topic>
> > +     <affects>
> > +--
> > +2.42.0
> > +
> 
> You probably didn't mean to add this file. Could you remove it please?

Could it be the reason why any "make" command in any port now complains
that it has known vulnerabilities?  Preceding lines are:

  pkg-static: Invalid end of XML
  pkg-static: cannot process vulnxml

./danfe