git: 620733e41697 - main - security/vuxml: databases/mantis <2.25.6 CVEs
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 09 Mar 2023 08:18:09 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=620733e416973eec341588f8025029827d015bd5 commit 620733e416973eec341588f8025029827d015bd5 Author: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> AuthorDate: 2023-03-09 07:56:23 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-03-09 07:56:23 +0000 security/vuxml: databases/mantis <2.25.6 CVEs CVE-2023-22476 and CVE-2022-31129 ChangeLog: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6 PR: 270039 Reported by: zab@zltech.eu --- security/vuxml/vuln/2023.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index bc0e8b22645b..d02ae8240a4f 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -33,6 +33,42 @@ </dates> </vuln> + <vuln vid="bed545c6-bdb8-11ed-bca8-a33124f1beb1"> + <topic>mantis -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mantis-php74</name> + <name>mantis-php80</name> + <name>mantis-php81</name> + <name>mantis-php82</name> + <range><lt>2.25.6,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mantis 2.25.6 release reports:</p> + <blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6"> + <p>Security and maintenance release</p> + <ul> + <li>0031086: Private issue summary disclosure (CVE-2023-22476)</li> + <li>0030772: Update (bundled) moment.js to 2.29.4 (CVE-2022-31129)</li> + <li>0030791: Allow adding relation type noopener/noreferrer to outgoing links</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-22476</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476</url> + <cvename>CVE-2022-31129</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129</url> + </references> + <dates> + <discovery>2023-01-06</discovery> + <entry>2023-03-08</entry> + </dates> + </vuln> + <vuln vid="6678211c-bd47-11ed-beb0-1c1b0d9ea7e6"> <topic>Apache OpenOffice -- master password vulnerabilities</topic> <affects>