From nobody Sat Dec 20 17:54:43 2025 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dYX9J1JZXz6KdRF for ; Sat, 20 Dec 2025 17:54:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dYX9H5ztJz3wBK for ; Sat, 20 Dec 2025 17:54:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1766253283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hM6HUKsz9gLqoKVbjd/kGLHyyLm6axNMMPniTW7ozm4=; b=HOrTI9iTRD/Jb25aDZ4VsCP0+hu2JgPgHnVv0LyEfOWO4BkjXO0A1IA2mNJwqRm7wTxFqe yhSlEyBaUiPIgw007CQjlcbyYZAaBcOHe6Hi/D5n7Z3gS31KLpvkC5k+ovByH1tofzTZIF 0aTGETrfNwSXOGCA4qf4PfpzU09jS3Np1TIu4T3FuSoAHVFDZaSKYH+ovpnLkbR1dLbutI HK3+hX3jfI4f1r4WUHXzIXbjMg771gETsIOpqnKuHYxkvKonf4tCsvNWxT+iAPXzMFRHrb w6K1+uTx3+9akbMa3Ht1P/6Px07JDcX17Kesl6AWLOzw1Fy1Pt5XdT4DEeFu7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1766253283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hM6HUKsz9gLqoKVbjd/kGLHyyLm6axNMMPniTW7ozm4=; b=EdSCH9MyeTO1cjJ3pXaFkQtDzDZCY9+s97BMQ/nFXYc5/Q0Gf+3nQnqsS9uZqC1VPZVTbG FPN3nB5k5qAhYiFg+fVblslgzJzR2D2wcoSQmuzjTknTdeKUSKWyUsfBmiiCI6U785wB4W GbaU56nnHPCu4uKZjLrbHUl6JAajCj1W+U6n8a/OoJVhHbmsd54pbhmBOn4jxtiWB/1Cgs 1DpNoG3Q+E+U+d2l0KS2qqmKgKuxZV5xYcVIhPhVwR26cKlH1yCEXof6kIb4St9bsBo+O6 ihy5R2KB6gs3FGnHUXOth2GtpUgBWxDm8ecjk5dJ5oqt+wYJtgRT5KDyjIB+iQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1766253283; a=rsa-sha256; cv=none; b=Oi2qxtYIeOCGytbCOMVuTyWRFV4t6fYiKgK/lpGO4hxMIHCHPuv5vRuxLJam5+NF+dE0Ge EKs3wQsaRfFyy381mvudkTii1OCFS98/dykAeIAp7G5fGMrOikg35wqH6LM3DKZKfBn4Zm XltrQfJqKnhFj0q/wm4tsRmf5tDuNN4Vyqo/tS0dr8cTUTJJYjHtym1qV92BkrdKCSJG5o zIES+6k1kpddEAivTHu3KNjWr2IIsgtxZvZwmMCeU7lnAvTvzVimmzet+VMkeIqj8Ap1er 3irRiV60SjJ9zCdQkl/gMpc29tAv0g8bZmDBRlNB+4sCkU91F3FiidbI+S+6cw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dYX9H4w1tz144m for ; Sat, 20 Dec 2025 17:54:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 31244 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sat, 20 Dec 2025 17:54:43 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= Subject: git: 7223b7ae1184 - main - security/vuxml: Add smb4k vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7223b7ae1184ec38fb50126d7221487b4c5809ae Auto-Submitted: auto-generated Date: Sat, 20 Dec 2025 17:54:43 +0000 Message-Id: <6946e2e3.31244.4e766238@gitrepo.freebsd.org> The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=7223b7ae1184ec38fb50126d7221487b4c5809ae commit 7223b7ae1184ec38fb50126d7221487b4c5809ae Author: Fernando ApesteguĂ­a AuthorDate: 2025-12-20 17:53:29 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2025-12-20 17:53:29 +0000 security/vuxml: Add smb4k vulnerabilities * CVE-2025-66002 * CVE-2025-66003 --- security/vuxml/vuln/2025.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index cc260ae68db0..3e5428cd52a1 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,42 @@ + + smb4k -- Critical vulnerabilities in Mount Helper + + +smb4k +4.0.4 + + + + +

vulndb reports:

+
+

A vulnerability, which was classified as critical, was + found in smb4k up to 4.0.4. Affected is some unknown + functionality of the component Mount Helper. The + manipulation with an unknown input leads to a access control + vulnerability. CWE is classifying the issue as CWE-284. The + product does not restrict or incorrectly restricts access to + a resource from an unauthorized actor. This is going to have + an impact on integrity, and availability. The advisory is + available at seclists.org. The exploitability is told to be + easy. Local access is required to approach this attack. The + technical details are unknown and an exploit is not + available.

+
+ + + + CVE-2025-66002 + https://vuldb.com/?id.336198 + CVE-2025-66003 + https://vuldb.com/?id.336199 + + + 2025-12-20 + 2025-12-20 + + + Firefox -- Use-after-free