git: 424fb6c301d7 - main - security/vuxml: fix NS tag on body of Gitlab vuln entry
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 12 Feb 2024 17:11:26 UTC
The branch main has been updated by mandree:
URL: https://cgit.FreeBSD.org/ports/commit/?id=424fb6c301d76773b60be349ae7943ef6ab11484
commit 424fb6c301d76773b60be349ae7943ef6ab11484
Author: Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2024-02-12 17:09:51 +0000
Commit: Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2024-02-12 17:10:26 +0000
security/vuxml: fix NS tag on body of Gitlab vuln entry
This fixes a vxquery warning (line number may vary):
| Parsing failed @ line 4442:
| Expected element in XHTML namespace.
Security: 6e0ebb4a-5e75-11ee-a365-001b217b3468
---
security/vuxml/vuln/2023.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 40ca86777690..d9b02f61c794 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -2896,7 +2896,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417).
</package>
</affects>
<description>
- <body>
+ <body xmlns="http://www.w3.org/1999/xhtml">
<p>Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project</p>
<p>Group import allows impersonation of users in CI pipelines</p>
<p>Developers can bypass code owners approval by changing a MR's base branch</p>