List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Message-Id: <62b4686d-491e-4224-9ddb-7935bbf7f129@app.fastmail.com>
In-Reply-To: <202302141204.31EC4H4m043168@gitrepo.freebsd.org>
References: <202302141204.31EC4H4m043168@gitrepo.freebsd.org>
Date: Tue, 14 Feb 2023 08:49:11 -0500
From: "Dan Langille"
To: "Wen Heping", ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: 7cd59a7b0d9c - main - security/vuxml: Document Django multiple vulnerabilities

On Tue, Feb 14, 2023, at 7:04 AM, Wen Heping wrote:
> The branch main has been updated by wen:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=7cd59a7b0d9c15b24dae177e6feafea107670ff5
>
> commit 7cd59a7b0d9c15b24dae177e6feafea107670ff5
> Author: Wen Heping
> AuthorDate: 2023-02-14 12:03:26 +0000
> Commit: Wen Heping
> CommitDate: 2023-02-14 12:03:59 +0000
>
> security/vuxml: Document Django multiple vulnerabilities
> ---
> security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml > index a3feb1c2e6d7..9cc6385ce320 100644 > --- a/security/vuxml/vuln/2023.xml > +++ b/security/vuxml/vuln/2023.xml > @@ -1,3 +1,44 @@ > + > + Django -- multiple vulnerabilities > + > + > + py37-django32 > + py38-django32 > + py39-django32 > + py310-django32 > + 3.2.18 > + > + > + py38-django40 > + py39-django40 > + py310-django40 > + 4.0.10 > + > + > + py38-django41 > + py39-django41 > + py310-django41 > + 4.1.7/range>

The above has incorrect tags. I think it might be:

4.1.7

But I'm not sure.

> + > + > + > +

Django reports:

> +
cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"> > +

CVE-2023-24580: Potential denial-of-service vulnerability in > file uploads.

> +
> + > +
> + > + CVE-2023-24580 > + > https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ > + > + > + 2023-02-01 > + 2023-02-14 > + > +
> + > > GnuTLS -- timing sidechannel in RSA decryption >

--
Dan Langille
dan@langille.org
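
Review bot: the version line for the py*-django41 packages ends in `4.1.7/range>`, so the closing tag of that range is missing its leading `<` and the new entry is not well-formed XML; the 3.2.18 and 4.0.10 lines above it show no such residue. Close the element as `</range>` and run the port's `make validate` in security/vuxml before pushing, since a malformed entry in 2023.xml affects every consumer of the file, not just this record. Separately, the first of the two dates in the entry is 2023-02-01 while the cited Django announcement URL is dated 2023/feb/14; confirm that the earlier date is the intended one.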