[Bug 266905] ports-mgmt/poudriere

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 08 Oct 2022 14:42:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266905

            Bug ID: 266905
           Summary: ports-mgmt/poudriere
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: ian@south-border.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

Is there any way to bump up the jquery version from 1.11.1 to something newer? 
Nessus is reporting that that version is vulnerable.  File location is
/usr/local/share/poudriere/html/assets/jquery-1.11.1.min.js.  The blurb from
the scan is:

JQuery 1.2 < 3.5.0 Multiple XSS
Description
According to the self-reported version in the script, the version of JQuery
hosted on the remote web server is greater than or equal to 1.2 and prior to
3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on
PAN-OS, and/or the scenarios required for successful exploitation do not exist
on devices running a PAN-OS release.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007

Thanks,

Ian
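
The scan text above keys on the version the script reports for itself, in the range 1.2 up to but not including 3.5.0. The sketch below applies the same check to every bundled jQuery copy under a directory tree; it is an added example, not part of the report or of poudriere, and the function names, regular expressions and sample files are illustrative assumptions.

```python
import re
import tempfile
from pathlib import Path

# Range from the scan text quoted above: >= 1.2 and prior to 3.5.0.
AFFECTED_MIN, FIXED_IN = (1, 2, 0), (3, 5, 0)
# Banner comment at the top of jQuery builds, e.g. "/*! jQuery v1.11.1 | ...".
BANNER_RE = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})")
# Fallback: version carried in the file name, e.g. jquery-1.11.1.min.js.
NAME_RE = re.compile(r"jquery[-.](\d+(?:\.\d+){1,2})(?:\.min|\.slim)*\.js$", re.I)

def parse_version(text):
    """'1.11.1' -> (1, 11, 1); '1.2' -> (1, 2, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def self_reported_version(path, head_bytes=2048):
    """Version the file claims for itself: banner first, then file name."""
    with open(path, "rb") as fh:
        match = BANNER_RE.search(fh.read(head_bytes))
    if match:
        return parse_version(match.group(1).decode("ascii"))
    match = NAME_RE.search(Path(path).name)
    return parse_version(match.group(1)) if match else None

def in_reported_range(version):
    return version is not None and AFFECTED_MIN <= version < FIXED_IN

def audit(root):
    """Return (relative path, version, flagged) for each jQuery copy under root."""
    root = Path(root)
    return [(p.relative_to(root).as_posix(), v, in_reported_range(v))
            for p in sorted(root.rglob("*.js")) if "jquery" in p.name.lower()
            for v in [self_reported_version(p)]]

def demo():
    """Run the audit over a constructed tree (sample files, not real jQuery)."""
    samples = {
        "html/assets/jquery-1.11.1.min.js": b"/*! jQuery v1.11.1 | constructed */\n",
        "vendor/jquery.min.js": b"/*! jQuery v3.6.0 | constructed */\n",
        "vendor/jquery-1.1.4.js": b"// constructed file with no banner\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return audit(tmp)

if __name__ == "__main__":
    for rel, version, flagged in demo():
        print(f"{'FLAG' if flagged else 'ok  '} {rel} {version}")
```

A match only means the file reports a version in that range; it does not show whether the affected jQuery code paths are reachable from the pages that load it.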
