From nobody Mon Apr 10 18:33:13 2023 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PwHfM2Byvz44d4w for ; Mon, 10 Apr 2023 18:33:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PwHfL5Wn5z3wbD for ; Mon, 10 Apr 2023 18:33:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1681151594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cYsNmKZOhsEBAPZWDuKl5czFhRIobzVmoZ8kSt70kp4=; b=lHEC/1egPeG5ZN//afUPR7kxb1WOA1FrOlJcnuyYaLbFxDchQkllkQYm93UCGkn96Epe5Y mUVB3EiXCcQK/ar35jKNJFUFzzA4ESvHgI9dkBjgXR6MwAWetw7sYoql3o2vSlD0qQcgVu raOOUMplc6chKZJk9MNLZ5exSQT4rV1z3iN+d3lT5DND7SwxJCMkKjIpJvDy0AKjXazoCE Cd5rMGBK4jRl22guSK967uyL0C1DX3y5QFk6r3ZT1p2LDautbOQVG4zjchtdqoCJNc5xix trDr6t1l3yuI1wBz3TBVJPuc9YqKCfnvrENTliFjwGBXJLsPEpCmZmlDlvvM/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1681151594; a=rsa-sha256; cv=none; b=lgOw8g0zk0rKqzLpZAYCOMKFk13/Kc7Wv9/LnfKT2aPIfm6O3uMHd7WhvvIsPOGPhix/Ny La0aPU1wx/CtBcRWRAorOAjEGmoA1IffEHyl8qeiWbOnKaRZvSiCOy+kiAazp8hwzeXcr7 VQee1iSTT6ChDx1AxAbENhR0yggGS0BS79XFtxxvcRRWjMYpBttHaeojc6uUKgSdaA+67u Dqlo34MO56v/IWyNDPiUyxtPukUJgu3PNBnxdn2LqT5Jc33CzTdnLf5Lm4XtEj17AGhswa l3Zq64CT9klPigHMPA1f0l9DdZxAImtjNRWUNxpON+cOf9XAgJcyA32X6po09w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PwHfL4dqbz11l8 for ; Mon, 10 Apr 2023 18:33:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 33AIXEfY034436 for ; Mon, 10 Apr 2023 18:33:14 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 33AIXECg034435 for ports-bugs@FreeBSD.org; Mon, 10 Apr 2023 18:33:14 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 270744] 20 VuXML new entries for vulnerable ports Date: Mon, 10 Apr 2023 18:33:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: hubert.tournier@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status keywords bug_severity priority component assigned_to reporter cc attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270744 Bug ID: 270744 Summary: 20 VuXML new entries for vulnerable ports Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/HubTou/pysec2vuxml OS: Any Status: New Keywords: security Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: hubert.tournier@gmail.com CC: 0mp@FreeBSD.org, amzo1337@gmail.com, contato@kanazuchi.com, dvl@FreeBSD.org, philip@FreeBSD.org, ports-secteam@FreeBSD.org, ports@FreeBSD.org, python@FreeBSD.org, sunpoet@FreeBSD.org, swills@FreeBSD.org, yuri@freebsd.org CC: ports-secteam@FreeBSD.org Created attachment 241403 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D241403&action= =3Dedit 20 VuXML new entries for vulnerable ports A second batch of new VuXML entries for vulnerable ports discovered with pysec2vuxml (see https://github.com/HubTou/pysec2vuxml). Others will follow as soon as possible. Entries were verified with: # cd /usr/ports/security/vuxml # make validate Here are the ports affected with their respective maintainers: ---------------------------------------------------------------------------= ---------------------------------- Vulns Package Port path Port name Po= rt version Maintainer=20=20=20=20=20=20=20=20=20=20=20=20=20 ---------------------------------------------------------------------------= ---------------------------------- 2 cinder misc/py-cinder py39-cinder=20=20=20=20= =20=20=20=20=20=20=20 12.0.10_22 sunpoet@FreeBSD.org=20=20=20=20 2 tflite misc/py-tflite py39-tflite 2.= 3.0=20 yuri@FreeBSD.org=20=20=20=20=20=20=20 2 impacket net/py-impacket py39-impacket=20=20=20=20= =20=20=20=20=20 0.9.17_1 contato@kanazuchi.com=20=20 1 suds net/py-suds py39-suds 1.= 1.2=20 sunpoet@FreeBSD.org=20=20=20=20 1 slixmpp net-im/py-slixmpp py39-slixmpp 1.= 7.1=20 0mp@FreeBSD.org=20=20=20=20=20=20=20=20 1 nicotine-plus net-p2p/py-nicotine-plus py39-nicotine-plus=20=20= =20=20 3.2.0_1 ports@FreeBSD.org=20=20=20=20=20=20 1 pymatgen science/py-pymatgen py39-pymatgen=20=20=20=20= =20=20=20=20=20 2022.7.19 yuri@FreeBSD.org=20=20=20=20=20=20=20 3 tensorflow science/py-tensorflow py39-tensorflow=20=20=20= =20=20=20=20 2.9.1_5 amzo1337@gmail.com=20=20=20=20=20 2 cryptography security/py-cryptography py39-cryptography=20=20= =20=20=20 3.4.8_1,1 sunpoet@FreeBSD.org=20=20=20=20 1 kerberos security/py-kerberos py39-kerberos 1.= 3.1=20 dvl@FreeBSD.org=20=20=20=20=20=20=20=20 6 pysaml2 security/py-pysaml24 py39-pysaml24=20=20=20=20= =20=20=20=20=20 4.9.0_1 sunpoet@FreeBSD.org=20=20=20=20 3 ansible sysutils/ansible py39-ansible 7.= 1.0=20 0mp@FreeBSD.org=20=20=20=20=20=20=20=20 2 psutil sysutils/py-psutil121 py39-psutil121=20=20=20= =20=20=20=20=20 1.2.1_2 swills@FreeBSD.org=20=20=20=20=20 1 beaker www/py-beaker py39-beaker 1.= 12.1 python@FreeBSD.org=20=20=20=20=20=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Python packages's FreeBSD ports =3D 4127 vulnerable ports =3D 41 (14 in this batch) vulnerable ports/version =3D 46 (14 in this batch) vulnerabilities =3D 140 (28 in this batch) ---------------------------------------------------------------------------= ---------------------------------- --=20 You are receiving this mail because: You are the assignee for the bug.=