From nobody Fri Feb 16 09:00:47 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tbm9q6PMkz5BJ7m;
	Fri, 16 Feb 2024 09:00:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Tbm9q5zGrz3xHV;
	Fri, 16 Feb 2024 09:00:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1708074047;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PD5jJYep/qmcs2Ad4U1RioRia5uULY+H3cdOckpXhfU=;
	b=W7fZaSKgYB6ZFcxA33WNqGHL3wCCDcBUt/4x54u2XGY0s1eUuZnWSSZ0uToe1eQLZbUGab
	tEBUL5YAIjZUwPOwy2Ue+fal+oFG+105y+5Yv1+198riCiYjHvypGZFq2tIHgHRe3FvwtW
	tdcIZgz53A1rk/eoE3Oy7dM7cBzvQL/7zqTFKvDRO1A4nEM02oYmojS/r3eUq6AZZVzdLj
	jN8/+VSvMhKJxE9Dw3nXHyF94kQviueEO+tl/bd7MMrdliYCpI+95faXOcq7SSSwMIpjLl
	eKvu3TZaYETHgZOIN+WvqMwbUzG7Z7yF7A3lHiZ9r5lsTf+sI30nKELQN9vGyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1708074047;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PD5jJYep/qmcs2Ad4U1RioRia5uULY+H3cdOckpXhfU=;
	b=wFCkSKUinYYAExdYSotGZ8gChLTetsq4AYO+svHPDTp1EGZKGHJcb7eD6AS/Zf9Rrsp1wr
	KNjYH8efkXLsXy2xA9dOLqjcTgpDaomc95sAACsm4pnqH9Se0yioJT9Dl5PDBC4RuMOBiC
	7+vr7z9qNxuK4vn/BSQWO33XuHr1Q1tBFdm42K3P4GNSPKK37gyfkruNLoN6nBKTwPGzDB
	wHeX+VKZbAbuAm5yU9QbL9MaKiSJ7X5sMhW26mvIPcbHJtUGb72mD1qP4PuHWFabACz6Me
	cxXwko1NVFnmI/YaVTLsKmPAwO9TJwsUHaY3vm772gmQgTHVKaq53gn1Qy2YCw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708074047; a=rsa-sha256; cv=none;
	b=NvWKYA+J9ed8kHYbBfXZFyIvWJjFtQdotcYbKBbJ6UmTd220gNtPUekeuzzRnTxcttSwm9
	GJ22+KhPDZMP0KzdTFBVHU4GVVaOGD8SZ3tpl8rSXpSyb0n1+iDAb5iCyOuzy/1UGGqjPQ
	HPbxa/2ki9xQcHSeF7GX56aKHh8lrtrND5MeC96H29y4ZRnfwU1wW2vnSA033b05jIf1va
	qqOCYZyDdUBfSpr8AWZ8Isd9QPaFw2+Cdxd1l4B20tbdJSDRmUrHIfs9q8Ik5W6/PV3oaM
	sorD2QU5vcP+JVAtKMOqQ4j0LupRnetkm2QDc0JUqZ0yeoJgjH31fAFE6QoevQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Tbm9q51SjzJTS;
	Fri, 16 Feb 2024 09:00:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41G90lj7027912;
	Fri, 16 Feb 2024 09:00:47 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41G90lXV027909;
	Fri, 16 Feb 2024 09:00:47 GMT
	(envelope-from git)
Date: Fri, 16 Feb 2024 09:00:47 GMT
Message-Id: <202402160900.41G90lXV027909@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org>
Subject: git: 639716da9350 - main - security/vuxml: document
  dns/powerdns-recursor vulnerabilities
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: fernape
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 639716da935095cebdf580408cfcde4f7e853ae0
Auto-Submitted: auto-generated

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=639716da935095cebdf580408cfcde4f7e853ae0

commit 639716da935095cebdf580408cfcde4f7e853ae0
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-02-16 08:58:21 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-02-16 08:58:21 +0000

    security/vuxml: document dns/powerdns-recursor vulnerabilities
    
    * CVE-2023-50387
    * CVE-2023-50868
    
    PR:             277048
    Reported by:    Ralf van der Enden <tremere@cainites.net>
---
 security/vuxml/vuln/2024.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index f0f597bbd7e4..2f68b7ce75db 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,44 @@
+  <vuln vid="e15ba624-cca8-11ee-84ca-b42e991fc52e">
+    <topic>powerdns-recursor -- Multiple Vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>powerdns-recursor</name>
+	<range><lt>5.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>cve@mitre.org reports:</p>
+	<blockquote cite="https://access.redhat.com/security/cve/CVE-2023-50868">
+	  <p>CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155
+	  when RFC 9276 guidance is skipped) allows remote attackers to cause
+	  a denial of service (CPU consumption for SHA-1 computations) via
+	    DNSSEC responses in a random subdomain attack, aka the &quot;NSEC3&quot;
+	  issue.  The RFC 5155 specification implies that an algorithm must
+	  perform thousands of iterations of a hash function in certain
+	situations.</p>
+      <p>CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035,
+      6840, and related RFCs) allow remote attackers to cause a denial
+      of service (CPU consumption) via one or more DNSSEC responses, aka
+      the &quot;KeyTrap&quot; issue.  One of the concerns is that, when
+      there is a zone with many DNSKEY and RRSIG records, the protocol
+      specification implies that an algorithm must evaluate all combinations
+	of DNSKEY and RRSIG records.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2023-50868</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-50868</url>
+      <cvename>CVE-2023-50387</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-50387</url>
+    </references>
+    <dates>
+      <discovery>2024-02-14</discovery>
+      <entry>2024-02-16</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c97a4ecf-cc25-11ee-b0ee-0050569f0b83">
     <topic>nginx-devel -- Multiple Vulnerabilities in HTTP/3</topic>
     <affects>