[Bug 291366] security/vuxml: add entry for go124<1.24.11, go125<1.25.5

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 03 Dec 2025 11:53:16 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291366

            Bug ID: 291366
           Summary: security/vuxml: add entry for go124<1.24.11,
                    go125<1.25.5
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam@FreeBSD.org
          Reporter: einar@isnic.is
          Assignee: ports-secteam@FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam@FreeBSD.org)

Within HostnameError.Error(), when constructing an error string, there is no
limit to the number of hosts that will be printed out. Furthermore, the error
string is constructed by repeated string concatenation, leading to quadratic
runtime. Therefore, a certificate provided by a malicious actor can result in
excessive resource consumption.

-- 
You are receiving this mail because:
You are the assignee for the bug.