From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 266905] ports-mgmt/poudriere
Date: Sat, 08 Oct 2022 14:42:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266905

            Bug ID: 266905
           Summary: ports-mgmt/poudriere
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: ian@south-border.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

Is there any way to bump up the jquery version from 1.11.1 to something newer?
Nessus is reporting that that version is vulnerable.

File location is /usr/local/share/poudriere/html/assets/jquery-1.11.1.min.js.

The blurb from the scan is:

JQuery 1.2 < 3.5.0 Multiple XSS

Description
According to the self-reported version in the script, the version of JQuery
hosted on the remote web server is greater than or equal to 1.2 and prior to
3.5.0. It is, therefore, affected by multiple cross site scripting
vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on
PAN-OS, and/or the scenarios required for successful exploitation do not exist
on devices running a PAN-OS release.

Solution
Upgrade to JQuery version 3.5.0 or later.

See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007

Thanks,
Ian
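
The version-range check the scan blurb describes (self-reported version at or above 1.2 and below 3.5.0) can be reproduced locally against a directory of bundled assets. This is an added example, not part of the bug report or of poudriere; the function names and the sample files are constructed for illustration, and only the range comes from the blurb.

```python
import re
import tempfile
from pathlib import Path

# Range taken from the scan blurb: 1.2 <= version < 3.5.0.
AFFECTED_MIN = (1, 2, 0)
FIXED_IN = (3, 5, 0)

# Banner comment at the top of jQuery builds, e.g. "/*! jQuery v1.11.1 | ..."
# (minified) or " * jQuery JavaScript Library v1.11.1" (unminified).
BANNER_RE = re.compile(r"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")
# Fallback: version embedded in the file name, e.g. jquery-1.11.1.min.js.
NAME_RE = re.compile(r"jquery-(\d+)\.(\d+)(?:\.(\d+))?(?:\.min)?\.js$", re.I)


def self_reported_version(path):
    """Return (major, minor, patch) from the banner, else the file name, else None."""
    head = Path(path).read_text(errors="replace")[:512]
    m = BANNER_RE.search(head) or NAME_RE.search(Path(path).name)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def is_flagged(version):
    """True when the version falls inside the range the scanner reports."""
    return version is not None and AFFECTED_MIN <= version < FIXED_IN


def audit(root):
    """Map each jquery*.js file under root to (version, flagged)."""
    results = {}
    for p in sorted(Path(root).rglob("*.js")):
        if p.name.lower().startswith("jquery"):
            v = self_reported_version(p)
            results[p.name] = (v, is_flagged(v))
    return results


def demo():
    # Constructed sample tree; banners are shortened stand-ins, not real jQuery files.
    with tempfile.TemporaryDirectory() as d:
        assets = Path(d, "assets")
        assets.mkdir()
        (assets / "jquery-1.11.1.min.js").write_text("/*! jQuery v1.11.1 | (c) sample */\n")
        (assets / "jquery-3.6.0.min.js").write_text("/*! jQuery v3.6.0 | (c) sample */\n")
        (assets / "jquery.custom.js").write_text("// no banner\n")
        return audit(d)


if __name__ == "__main__":
    for name, (version, flagged) in demo().items():
        print(name, version, "FLAGGED" if flagged else "ok")
```

A file with neither a banner nor a versioned name comes back as `(None, False)`, so unidentified copies still need a manual look.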