From: Miroslav Lachman <000.fbsd@quip.cz>
To: FreeBSD-security@freebsd.org
Subject: vulnerabilities in base unreported in VuXML
Date: Thu, 4 May 2023 19:56:02 +0200
Message-ID: <08443176-fdef-ee00-ed7e-6d90d2b241f7@quip.cz>
List-Archive: https://lists.freebsd.org/archives/freebsd-security

As was noted on the FreeBSD forum [1], there is a problem with missing SA entries in VuXML (again).

The last entry is from 2022-08-31 for the zlib heap buffer overflow [2]. 5 SA entries are missing.

Can somebody from the Security Officers take a look at it and publish the missing entries? And fix the SA release process for all future SAs so we do not miss any again?

Periodic 405.pkg-base-audit from pkg is useless without an up-to-date VuXML.

[1] https://forums.freebsd.org/threads/pkg-audit-vuln-xml-no-more-updates-for-base-system-and-kernel.71239/#post-609407
[2] https://www.vuxml.org/freebsd/pkg-FreeBSD.html

Kind regards
Miroslav Lachman