git: 2cc390f6a901 - main - security/vuxml: Fix some reporters
Date: Fri, 26 Sep 2025 17:20:40 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2cc390f6a901d4241033431cc321e3fabd5678c0
commit 2cc390f6a901d4241033431cc321e3fabd5678c0
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-09-26 17:19:31 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-09-26 17:19:31 +0000
security/vuxml: Fix some reporters
Reported by: dan@langille.org
---
security/vuxml/vuln/2015.xml | 2 +-
security/vuxml/vuln/2017.xml | 2 +-
security/vuxml/vuln/2018.xml | 4 ++--
security/vuxml/vuln/2019.xml | 6 +++---
security/vuxml/vuln/2020.xml | 2 +-
security/vuxml/vuln/2021.xml | 8 ++++----
security/vuxml/vuln/2022.xml | 6 +++---
security/vuxml/vuln/2023.xml | 4 ++--
security/vuxml/vuln/2024.xml | 4 ++--
9 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/security/vuxml/vuln/2015.xml b/security/vuxml/vuln/2015.xml
index 36997bebdfe4..3f343f329e9d 100644
--- a/security/vuxml/vuln/2015.xml
+++ b/security/vuxml/vuln/2015.xml
@@ -17642,7 +17642,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>MIT krb5 Security Advisory 2015-001 reports:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt">
<p>CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after
gss_process_context_token() is used to process a valid context
diff --git a/security/vuxml/vuln/2017.xml b/security/vuxml/vuln/2017.xml
index 66964ad2a106..8fca5b4c468b 100644
--- a/security/vuxml/vuln/2017.xml
+++ b/security/vuxml/vuln/2017.xml
@@ -4548,7 +4548,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>Meta CPAN reports:</p>
<blockquote cite="https://metacpan.org/changes/release/SHAY/perl-5.26.1#Security">
<p>CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows</p>
<p>A possible stack buffer overflow in the %ENV code on Windows has been
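Review bot: The added lead-in `<p>Meta CPAN reports:</p>` names the site that hosts the changelog rather than the source of the quoted text; the cite URL points at the perl-5.26.1 release changes. Consider attributing it to the Perl project instead, and if the host name is kept, the site spells it MetaCPAN.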
diff --git a/security/vuxml/vuln/2018.xml b/security/vuxml/vuln/2018.xml
index ccf9fab5631e..70d128471a3a 100644
--- a/security/vuxml/vuln/2018.xml
+++ b/security/vuxml/vuln/2018.xml
@@ -1314,7 +1314,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The PHPMailer Team reports:</p>
<blockquote cite="https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6">
<p>CVE-2018-19296:Fix potential object injection vulnerability.</p>
</blockquote>
@@ -1889,7 +1889,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The GitLab Team reports:</p>
<blockquote cite="https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/">
<p>SSRF in Kubernetes integration</p>
</blockquote>
diff --git a/security/vuxml/vuln/2019.xml b/security/vuxml/vuln/2019.xml
index bbb8785ae92e..9fdca5d18b3e 100644
--- a/security/vuxml/vuln/2019.xml
+++ b/security/vuxml/vuln/2019.xml
@@ -2532,7 +2532,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The GitLab Team reports:</p>
<blockquote cite="https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/">
<p>XSS in Markdown Preview Using Mermaid</p>
<p>Bypass Email Verification using Salesforce Authentication</p>
@@ -3964,7 +3964,7 @@ directly evident from logs.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>Frederic Cambus reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2019-13207">
<p>nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer
Overflow in the dname_concatenate() function in dname.c.</p>
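Review bot: The added `<p>Frederic Cambus reports:</p>` does not match the blockquote's cite, which is the NVD entry for CVE-2019-13207, so the quoted sentence reads as NVD's description. Either use "NVD reports:", as the 2021.xml hunk at line 12044 does for its NVD cite, or point the cite at the reporter's own write-up.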
@@ -4134,7 +4134,7 @@ or the current user.</p>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The Apache Team reports:</p>
<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.4">
<h1>SECURITY: CVE-2019-10081</h1>
<p>mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
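Review bot: "The Apache Team" in the added lead-in is broader than the source: the cite is httpd's CHANGES_2.4 and the quoted entry concerns mod_http2. "The Apache httpd Team reports:" would identify the project unambiguously.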
diff --git a/security/vuxml/vuln/2020.xml b/security/vuxml/vuln/2020.xml
index 138f108b0578..77f8e44c0d2b 100644
--- a/security/vuxml/vuln/2020.xml
+++ b/security/vuxml/vuln/2020.xml
@@ -13152,7 +13152,7 @@ whitespace)
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The GitLab Team reports:</p>
<blockquote cite="https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/">
<p>Group Maintainers Can Update/Delete Group Runners Using API</p>
<p>GraphQL Queries Can Hang the Application</p>
diff --git a/security/vuxml/vuln/2021.xml b/security/vuxml/vuln/2021.xml
index 12c2d0bcdc77..4b6c9e9f7b0f 100644
--- a/security/vuxml/vuln/2021.xml
+++ b/security/vuxml/vuln/2021.xml
@@ -8873,7 +8873,7 @@ In limited circumstances it was possible for users to authenticate using variati
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>GitLab Team reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/">
<p>Remote code execution when uploading specially crafted image files</p>
<p>Update Rexml</p>
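Review bot: The added line reads `<p>GitLab Team reports:</p>` without the article, while the other GitLab entries touched in this commit (2018.xml, 2019.xml, 2020.xml and the later 2021.xml hunk) all use "The GitLab Team reports:". Add "The" here for consistency.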
@@ -11170,7 +11170,7 @@ raptor_xml_writer_start_element_common.</p>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The oauth2-proxy Team reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-21291">
<p>In OAuth2 Proxy before version 7.0.0, for users that use the
whitelist domain feature, a domain that ended in a similar way to
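Review bot: The lead-in credits the oauth2-proxy Team, but the blockquote cites nvd.nist.gov for CVE-2021-21291, so the attribution and the source disagree. The hunk at line 12044 of this file uses "NVD reports:" for an NVD cite; either follow that here or change the cite to the project's own advisory.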
@@ -12044,7 +12044,7 @@ raptor_xml_writer_start_element_common.</p>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">
<p>A memory corruption issue was found in Artifex
Ghostscript 9.50 and 9.52. Use of a non-standard
@@ -12123,7 +12123,7 @@ raptor_xml_writer_start_element_common.</p>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The GitLab Team reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/">
<p>Ability to steal a user's API access token through GitLab Pages</p>
</blockquote>
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
index ed08974d84aa..2d1a028b23bf 100644
--- a/security/vuxml/vuln/2022.xml
+++ b/security/vuxml/vuln/2022.xml
@@ -1583,8 +1583,8 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
- <blockquote cite="INSERT URL HERE">
+ <p>CVE.org reports:</p>
+ <blockquote cite="https://www.cve.org/CVERecord?id=CVE-2022-43995">
<p>Sudo 1.8.0 through 1.9.12, with the crypt() password backend,
contains a plugins/sudoers/auth/passwd.c array-out-of-bounds
error that can result in a heap-based buffer over-read. This
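Review bot: The removed lines show this entry sat in the tree with both template placeholders unfilled, "SO-AND-SO" and `cite="INSERT URL HERE"`, so the quote had no source at all. A follow-up check that rejects those template strings in vuln/*.xml before commit would keep unfilled entries from landing again.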
@@ -5040,7 +5040,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The Django Project reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2022/jul/04/security-releases/">
<p>CVE-2022-34265: Potential SQL injection via Trunc(kind) and
Extract(lookup_name) arguments.</p>
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 9d6a9444af0b..6e5f8fa30bfd 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1852,7 +1852,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417).
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The OpenSSL team reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20231024.txt">
<p>Moderate severity: A bug has been identified in the processing
of key and initialisation vector (IV) lengths. This can lead to
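Review bot: Capitalisation of the added lead-in differs from the rest of the commit: this hunk has "The OpenSSL team reports:" while the 2024.xml hunk at line 13486 has "The OpenSSL Team reports:". Use "Team" here to match.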
@@ -5529,7 +5529,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417).
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The MIT krb5 Team reports:</p>
<blockquote cite="https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840">
<p>When issuing a ticket for a TGS renew or validate request, copy
only the server field from the outer part of the header ticket
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 64f19bfb38aa..fbc958655802 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -5885,7 +5885,7 @@ All of these are related to the CometVisu add-on for openHAB - if you are a user
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The Vaultwarden Team reports:</p>
<blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0">
<p>This release has several CVE Reports fixed and we recommend
everybody to update to the latest version as soon as possible.</p>
@@ -13486,7 +13486,7 @@ All of these are related to the CometVisu add-on for openHAB - if you are a user
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>SO-AND-SO reports:</p>
+ <p>The OpenSSL Team reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240109.txt">
<p>The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running