git: 04ca25ee0d80 - main - security/vuxml: document electron{34,35} multiple vulnerabilities

From: Hiroki Tagato <tagattie_at_FreeBSD.org>
Date: Thu, 29 May 2025 05:36:13 UTC
The branch main has been updated by tagattie:

URL: https://cgit.FreeBSD.org/ports/commit/?id=04ca25ee0d80676e6e85303dbaeee9637043e5d4

commit 04ca25ee0d80676e6e85303dbaeee9637043e5d4
Author:     Hiroki Tagato <tagattie@FreeBSD.org>
AuthorDate: 2025-05-29 05:34:22 +0000
Commit:     Hiroki Tagato <tagattie@FreeBSD.org>
CommitDate: 2025-05-29 05:36:05 +0000

    security/vuxml: document electron{34,35} multiple vulnerabilities
    
    Obtained from:  https://github.com/electron/electron/releases/tag/v34.5.7,
                    https://github.com/electron/electron/releases/tag/v35.5.0
---
 security/vuxml/vuln/2025.xml | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 14393c4e4738..6fdfc63101a3 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,38 @@
+  <vuln vid="47ef0ac6-38fc-4b35-850b-c794f04619fe">
+    <topic>electron{34,35} -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>electron34</name>
+	<range><lt>34.5.7</lt></range>
+      </package>
+      <package>
+	<name>electron35</name>
+	<range><lt>35.5.0</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Electron developers report:</p>
+	<blockquote cite="https://github.com/electron/electron/releases/tag/v34.5.7">
+	  <p>This update fixes the following vulnerability:</p>
+	  <ul>
+	    <li>Security: backported fix for CVE-2025-4609.</li>
+	    <li>Security: backported fix for CVE-2025-4664.</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-4609</cvename>
+      <cvename>CVE-2025-4664</cvename>
+      <url>https://github.com/advisories/GHSA-vxhm-55mv-5fhx</url>
+    </references>
+    <dates>
+      <discovery>2025-05-29</discovery>
+      <entry>2025-05-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e">
     <topic>grafana -- XSS vulnerability</topic>
     <affects>
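Review bot: The new `<vuln>` entry lists `electron35` before 35.5.0 in `<affects>`, but its only `<blockquote cite=...>` points at the v34.5.7 release, so nothing in the entry itself sources the electron35 range. The commit message already names the second release; I would carry it into the entry, for example as `<url>https://github.com/electron/electron/releases/tag/v35.5.0</url>` under `<references>`, so both fixed versions can be checked from the record. `<discovery>` is also set to the same day as `<entry>`; if that field is meant to hold the upstream disclosure date, please confirm it against the records for CVE-2025-4609 and CVE-2025-4664, since anyone estimating the exposure window from VuXML will read it that way. Lastly, the single GHSA URL sits beside two CVE names, and it is not clear from the entry which of them it covers.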
@@ -18,7 +53,7 @@
 	enabled, the XSS will work.  If the Grafana Image Renderer plugin
 	is installed, it is possible to exploit the open redirect to achieve
 	a full read SSRF.
-	
+
 	The default Content-Security-Policy (CSP) in Grafana will block the
 	XSS though the `connect-src` directive.</p>
 	</blockquote>