From nobody Mon Dec 27 18:19:18 2021
Date: Mon, 27 Dec 2021 18:19:18 GMT
Message-Id: <202112271819.1BRIJIiY058611@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Romain Tartière
Subject: git: 5e1978e34993 - main - security/vuxml: Document more Log4Shell vulnerabilities
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@freebsd.org
X-Git-Committer: romain
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5e1978e349939a423fbfe51aebb29f89106dd307
Auto-Submitted: auto-generated

The branch main has been updated by romain:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=5e1978e349939a423fbfe51aebb29f89106dd307

commit 5e1978e349939a423fbfe51aebb29f89106dd307
Author:     Romain Tartière
AuthorDate: 2021-12-27 17:13:31 +0000
Commit:     Romain Tartière
CommitDate: 2021-12-27 18:18:46 +0000

    security/vuxml: Document more Log4Shell vulnerabilities

    With hat: opensearch
---
 security/vuxml/vuln-2021.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index cf52dabf0dcd..fb9db048a654 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,55 @@ + + OpenSearch -- Log4Shell + + + opensearch + 1.2.3 + + + + +

OpenSearch reports:

+
+

CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to version 2.17.0.

+
+ +
+ + CVE-2021-45105 + https://opensearch.org/blog/releases/2021/12/update-1-2-3/ + + + 2021-12-16 + 2021-12-27 + +
+ + + OpenSearch -- Log4Shell + + + opensearch + 1.2.2 + + + + +

OpenSearch reports:

+
+

CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in OpenSearch 1.2.1) to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While there has been no observed reproduction of the issue described in CVE-2021-45046, Log4j 2.16.0 takes much more extensive JNDI mitigation measures.

+
+ +
+ + CVE-2021-45046 + https://opensearch.org/blog/releases/2021/12/update-1-2-2/ + + + 2021-12-14 + 2021-12-27 + +
+ opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok.
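
Review bot: the two entries added in the @@ -1,3 +1,55 @@ hunk carry the identical topic "OpenSearch -- Log4Shell", although the one listing opensearch 1.2.3 references CVE-2021-45105 and the one listing 1.2.2 references CVE-2021-45046. Anyone reading the topics alone cannot tell the two records apart or see which Log4j update each one tracks, so consider putting the CVE id or the Log4j target version (2.17.0 and 2.16.0 in the quoted text) into each topic. The commit message body is only "With hat: opensearch"; naming the two CVEs there would also make the change easier to find in the log.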