git: a9ea769a7a35 - main - security/vuxml: cyrus-sasl -- Escape password for SQL insert/update commands
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 23 Feb 2022 02:35:14 UTC
The branch main has been updated by ume:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a9ea769a7a350302dfd553ff0481cabab7ebe410
commit a9ea769a7a350302dfd553ff0481cabab7ebe410
Author: Hajimu UMEMOTO <ume@FreeBSD.org>
AuthorDate: 2022-02-23 02:26:11 +0000
Commit: Hajimu UMEMOTO <ume@FreeBSD.org>
CommitDate: 2022-02-23 02:34:42 +0000
security/vuxml: cyrus-sasl -- Escape password for SQL insert/update commands
---
security/vuxml/vuln-2022.xml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 96645537e4c1..aaea1f8ef6af 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,29 @@
+ <vuln vid="022dde12-8f4a-11ec-83ac-080027415d17">
+ <topic>cyrus-sasl -- Escape password for SQL insert/update commands</topic>
+ <affects>
+ <package>
+ <name>cyrus-sasl-sql</name>
+ <range><ge>2.1.27</ge><lt>2.1.27_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
+ <blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
+ <p>Escape password for SQL insert/update commands.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-24407</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</url>
+ </references>
+ <dates>
+ <discovery>2022-02-04</discovery>
+ <entry>2022-02-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="85d976be-93e3-11ec-aaad-14dae9d5a9d2">
<topic>The Update Framwork -- path traversal vulnerability</topic>
<affects>