From nobody Wed Nov 08 07:07:06 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SQGNp4p88z50BMt;
	Wed,  8 Nov 2023 07:07:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SQGNp4Bjgz4Fg1;
	Wed,  8 Nov 2023 07:07:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1699427226;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uqspTCwgilXZ1RWCiqcyWPJkySeAo24cKne7sCbB3UI=;
	b=sDFe8dVmp14glSXPqw5/WZvadffSwBJS5Tvm6Bhn809FJFc/GXl/MjedQEg2AvhBq2KqtZ
	bhZ7+5duHhVIySa1mmucACYFomPdQAhvFnPkNgM1rQPycn71k5kSjHw9Ou2A4fmcKFQePe
	df0vfe2Ni7TWS9mt0vw4AAMhhqqKswIdkeIS+5JlS4FnliOodWKDHpaY2Ef2oeliLKt7Gm
	cbC4BOXWjpO7wRnqafVsRD9avw+KOEFa7GjzcZEBaetXG2WBIJ6FCqM9hqrlPCbUjNZafP
	SD4wWh448rqOX/XKfyeM7554xC3uJjO/6jaZh+lywGcyjZXPl0oiyK/BfkZ6KA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1699427226;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uqspTCwgilXZ1RWCiqcyWPJkySeAo24cKne7sCbB3UI=;
	b=MjEnwekDNahUdMlbWLQB0y4mKNWUjC+Y9hn+ipS4Bp8829rzEIu47uyXpbDj0wAAsrnAfG
	nT705L6hwS5GdXaY3z89CUVAqsFa0qNRZgF/tPGux7vRefjNSjXWmsvLVidyxfdYPeXrXh
	eVXT7oUUAVXFPiyDgCa08D2lqriOB3gadAtkaq8S6ZcmAVD7KoUqt6MDI8PG4GDc40Nzfb
	MGGB4i3G4MtvHvZWU/g2gzbKXm7GVyNkN7jUCYK3w4qjtfjMYtX1ZDwN3jJlK8Oq4pOlSZ
	SRD3yUVDJZkd8viXDYfCovqlxMq6Q4mfvKG/mwCvUNmzsd6sqERa6Ft2xt3Tkg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699427226; a=rsa-sha256; cv=none;
	b=ZSQh/keSmemjERTrlQY0H413aybBfUaNI4NJ6o+exW3LYUbZbWDTjsnIHH1C9hjCQbMVan
	vdmyqwyiP471vXgZnrobEosgH6TNij8RpBY0dS+9//rDAbFpQcBvGX2X9FkHIZHKfnbyWH
	HrAtCQlV7DKOcVCyFjOoqwd3kQThSs1CBX+HYAsGFGxkK8gPOcTUUu4YnEfgSa7jBVUYj+
	9fktMZYJCby4W/elzHPHmS9EMTlA9m9wai7uNUclmUoqIWJA9DsPX1fm0iuy2tBVVYuIqs
	PIPANBuILz0aNIczfD86ES+xmhPD1VX5MGznrgJgiW3kAIU6jtFecnVNfCl2kA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SQGNp2vV9z85x;
	Wed,  8 Nov 2023 07:07:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A8776cA007538;
	Wed, 8 Nov 2023 07:07:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A8776h2007535;
	Wed, 8 Nov 2023 07:07:06 GMT
	(envelope-from git)
Date: Wed, 8 Nov 2023 07:07:06 GMT
Message-Id: <202311080707.3A8776h2007535@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Philip Paeps <philip@FreeBSD.org>
Subject: git: 3c5f96dd322c - main - security/vuxml: add FreeBSD SAs
  released on 2023-11-08
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3c5f96dd322c34c106e5c59587b375de97cf7504
Auto-Submitted: auto-generated

The branch main has been updated by philip:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3c5f96dd322c34c106e5c59587b375de97cf7504

commit 3c5f96dd322c34c106e5c59587b375de97cf7504
Author:     Philip Paeps <philip@FreeBSD.org>
AuthorDate: 2023-11-08 07:05:29 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2023-11-08 07:05:29 +0000

    security/vuxml: add FreeBSD SAs released on 2023-11-08
    
    FreeBSD-SA-23:15.stdio affects 12.4 and 13.2
    FreeBSD-SA-23:16.cap_net affects 13.2
---
 security/vuxml/vuln/2023.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 6e37ef044568..b7de229c6323 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,72 @@
+  <vuln vid="f4464e49-7e04-11ee-8e38-002590c1f29c">
+    <topic>FreeBSD -- Incorrect libcap_net limitation list manipulation</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>13.2</ge><lt>13.2_5</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Casper services allow limiting operations that a process can
+	perform.  Each service maintains a specific list of permitted
+	operations.  Certain operations can be further restricted, such as
+	specifying which domain names can be resolved.  During the verification
+	of limits, the service must ensure that the new set of constraints
+	is a subset of the previous one.  In the case of the cap_net service,
+	the currently limited set of domain names was fetched incorrectly.</p>
+	<h1>Impact:</h1>
+	<p>In certain scenarios, if only a list of resolvable domain names
+	was specified without setting any other limitations, the application
+	could submit a new list of domains including include entries not
+	previously in the list.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-5978</cvename>
+      <freebsdsa>SA-23:16.cap_net</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2023-11-08</discovery>
+      <entry>2023-11-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5afcc9a4-7e04-11ee-8e38-002590c1f29c">
+    <topic>FreeBSD -- libc stdio buffer overflow</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>13.2</ge><lt>13.2_5</lt></range>
+	<range><ge>12.4</ge><lt>12.4_7</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>For line-buffered streams the __sflush() function did not
+	correctly update the FILE object's write space member when the
+	write(2) system call returns an error.</p>
+	<h1>Impact:</h1>
+	<p>Depending on the nature of an application that calls libc's
+	stdio functions and the presence of errors returned from the write(2)
+	system call (or an overridden stdio write routine) a heap buffer
+	overfly may occur.  Such overflows may lead to data corruption or
+	the execution of arbitrary code at the privilege level of the calling
+	program.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-5941</cvename>
+      <freebsdsa>SA-23:15.stdio</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2023-11-08</discovery>
+      <entry>2023-11-08</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a1a1f81c-7c13-11ee-bcf1-f8b156b6dcc8">
     <topic>vorbistools -- heap buffer overflow in oggenc</topic>
     <affects>