git: 7ad6e0e0c912 - main - security/vuxml: remove duplicated entry, see 3bac9fee140f64f562008b81ea2f2391b3fca116

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Matthias Fechner <mfechner_at_FreeBSD.org>
Date: Mon, 18 Mar 2024 06:46:42 UTC

The branch main has been updated by mfechner:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7ad6e0e0c912b2d8b631c8af54f6ac7d83400984

commit 7ad6e0e0c912b2d8b631c8af54f6ac7d83400984
Author:     Matthias Fechner <mfechner@FreeBSD.org>
AuthorDate: 2024-03-18 06:45:53 +0000
Commit:     Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2024-03-18 06:45:53 +0000

    security/vuxml: remove duplicated entry, see 3bac9fee140f64f562008b81ea2f2391b3fca116
    
    Reported by:    flo@smeets.xyz
---
 security/vuxml/vuln/2024.xml | 33 ---------------------------------
 1 file changed, 33 deletions(-)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 93d54975a84d..ac0ecc511977 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -481,39 +481,6 @@
     </dates>
   </vuln>
 
-  <vuln vid="46a9eb0f-d7d2-11ee-bb12-001b217b3468">
-    <topic>null -- null</topic>
-    <affects>
-      <package>
-	<name>null</name>
-	<range><lt>null</lt></range>
-      </package>
-    </affects>
-    <description>
-	<body xmlns="http://www.w3.org/1999/xhtml">
-	<p>support@hackerone.com reports:</p>
-	<blockquote cite="https://hackerone.com/reports/2237545">
-	  <p>On Linux, Node.js ignores certain environment variables if those
-	may have been set by an unprivileged user while the process is
-	running with elevated privileges with the only exception of
-	CAP_NET_BIND_SERVICE.  Due to a bug in the implementation of this
-	exception, Node.js incorrectly applies this exception even when
-	certain other capabilities have been set.  This allows unprivileged
-	users to inject code that inherits the process&apos;s elevated
-	privileges.</p>
-	</blockquote>
-	</body>
-    </description>
-    <references>
-      <cvename>CVE-2024-21892</cvename>
-      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-21892</url>
-    </references>
-    <dates>
-      <discovery>2024-02-20</discovery>
-      <entry>2024-03-01</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="3567456a-6b17-41f7-ba7f-5cd3efb2b7c9">
     <topic>electron{27,28} -- Use after free in Mojo</topic>
     <affects>