From nobody Thu Aug 29 20:42:04 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WvtW3104lz52b6q;
	Thu, 29 Aug 2024 20:42:07 +0000 (UTC)
	(envelope-from SRS0=jWsS=P4=klop.ws=ronald-lists@realworks.nl)
Received: from smtp-relay-int.realworks.nl (smtp-relay-int.realworks.nl [194.109.157.24])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4WvtW30Cr1z4LxN;
	Thu, 29 Aug 2024 20:42:06 +0000 (UTC)
	(envelope-from SRS0=jWsS=P4=klop.ws=ronald-lists@realworks.nl)
Authentication-Results: mx1.freebsd.org;
	none
Date: Thu, 29 Aug 2024 22:42:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2;
	t=1724964125;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jcRLLMLBohgfhuZxH8L6T6fOdfD7tVhYTjMuqhvswmk=;
	b=OrpOQl7+mszZQvo6ZjQT6KoQUJsQg90R2a4E1mjI/ARD5a8lkLCs6DaPvQCr7cI/wzqprn
	B1mFtk5kRDMAdTgGAAdHJC4suApOevYrWivBOoZ/VAZni0GxeoKaQEc8w4x1jTjKjcxMIj
	Y2Jp2o2/63fZxf1g4Ij2ihn/xHEUBuba9eTSCFwUanZaoTGhAGuMgqRmawbYTxdLHpX77l
	oDpIsXSgEcKEWafEaV8mtioTbZaXYDlVhgm7S3uS6sVEUiJN0d0BcYbf6+3MxBi9cszQc3
	0U8q0vWQb9ZNgvDY4OQDDydMU8LIoVAamx5RrLNfBCU5g9coTqROLGcEUjCA7w==
From: Ronald Klop <ronald-lists@klop.ws>
To: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@FreeBSD.org>
Cc: ports-committers@FreeBSD.org, dev-commits-ports-main@FreeBSD.org,
	dev-commits-ports-all@FreeBSD.org
Message-ID: <1673063164.6537.1724964124887@localhost>
In-Reply-To: <202408291747.47THltnT050010@gitrepo.freebsd.org>
References: <202408291747.47THltnT050010@gitrepo.freebsd.org>
Subject: Re: git: 4453cf7eef05 - main - security/vuxml: Record firefox
  multiple vulnerabilites
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6536_1322486566.1724964124857"
X-Mailer: Realworks (718.41)
Importance: Normal
X-Priority: 3 (Normal)
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:3265, ipnet:194.109.0.0/16, country:NL]
X-Rspamd-Queue-Id: 4WvtW30Cr1z4LxN

------=_Part_6536_1322486566.1724964124857
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi,

When I read the CVE documents they mention that these are about Firefox for=
 iOS.
The advisory page of Mozilla also talks about Firefox for iOS.
https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/

So I doubt that this is applicable to the FreeBSD package. But you might kn=
ow things I don't know.

Regards,
Ronald.

=20
Van: "Fernando Apestegu=C3=ADa" <fernape@FreeBSD.org>
Datum: donderdag, 29 augustus 2024 19:47
Aan: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-c=
ommits-ports-main@FreeBSD.org
Onderwerp: git: 4453cf7eef05 - main - security/vuxml: Record firefox multip=
le vulnerabilites
>=20
> The branch main has been updated by fernape:
>=20
> URL: https://cgit.FreeBSD.org/ports/commit/?id=3D4453cf7eef05f9ac2b27bda7=
a87afb7da713f1c4
>=20
> commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4
> Author:     Fernando Apestegu=C3=ADa <fernape@FreeBSD.org>
> AuthorDate: 2024-08-29 17:43:33 +0000
> Commit:     Fernando Apestegu=C3=ADa <fernape@FreeBSD.org>
> CommitDate: 2024-08-29 17:47:42 +0000
>=20
>     security/vuxml: Record firefox multiple vulnerabilites
>    =20
>     CVE-2024-43111
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>    =20
>     CVE-2024-43112
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
>    =20
>     CVE-2024-43113
>      * Base Score:  6.1 MEDIUM
>      * Vector:      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
> ---
>  security/vuxml/vuln/2024.xml | 39 ++++++++++++++++++++++++++++++++++++++=
+
>  1 file changed, 39 insertions(+)
>=20
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 7dd64a18968f..e9606c88bfca 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,42 @@
> +  <vuln vid=3D"44de1b82-662d-11ef-a51b-b42e991fc52e">
> +    <topic>firefox -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +   <name>firefox</name>
> +   <range><lt>129</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +   <bodyhttp://www.w3.org/1999/xhtml">http://www.w3.org/1999/xhtml">
> +   <p>security@mozilla.org reports:</p>
> +   <blockquote cite=3D"https://bugzilla.mozilla.org/show_bug.cgi?id=3D18=
74964">
> +     <p>This update includes 3 CVEs:</p>
> +       <ul>
> +         <li>The contextual menu for links could provide an
> +       opportunity for cross-site scripting attacks.</li>
> +         <li>Long pressing on a download link could potentially
> +       provide a means for cross-site scripting.</li>
> +         <li>Long pressing on a download link could potentially
> +       allow Javascript commands to be executed within the
> +       browser.</li>
> +   </ul>
> +   </blockquote>
> +   </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-43113</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43113</url>
> +      <cvename>CVE-2024-43112</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43112</url>
> +      <cvename>CVE-2024-43111</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-43111</url>
> +    </references>
> +    <dates>
> +      <discovery>2024-08-06</discovery>
> +      <entry>2024-08-29</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid=3D"6f2545bb-65e8-11ef-8a0f-a8a1599412c6">
>      <topic>chromium -- multiple security fixes</topic>
>      <affects>
>=20
>=20
>=20

=20
------=_Part_6536_1322486566.1724964124857
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body>Hi,<br>
<br>
When I read the CVE documents they mention that these are about Firefox for=
 iOS.<br>
The advisory page of Mozilla also talks about Firefox for iOS.<br>
<a href=3D"https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/">=
https://www.mozilla.org/en-US/security/advisories/mfsa2024-36/</a><br>
<br>
So I doubt that this is applicable to the FreeBSD package. But you might kn=
ow things I don't know.<br>
<br>
Regards,<br>
Ronald.<br>
<br>
&nbsp;
<p><strong>Van:</strong> "Fernando Apestegu=C3=ADa" &lt;fernape@FreeBSD.org=
&gt;<br>
<strong>Datum:</strong> donderdag, 29 augustus 2024 19:47<br>
<strong>Aan:</strong> ports-committers@FreeBSD.org, dev-commits-ports-all@F=
reeBSD.org, dev-commits-ports-main@FreeBSD.org<br>
<strong>Onderwerp:</strong> git: 4453cf7eef05 - main - security/vuxml: Reco=
rd firefox multiple vulnerabilites</p>

<blockquote style=3D"padding-right: 0px; padding-left: 5px; margin-left: 5p=
x; border-left: #000000 2px solid; margin-right: 0px">
<div class=3D"MessageRFC822Viewer" id=3D"P">
<div class=3D"TextPlainViewer" id=3D"P.P">The branch main has been updated =
by fernape:<br>
<br>
URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D4453cf7eef05f9a=
c2b27bda7a87afb7da713f1c4">https://cgit.FreeBSD.org/ports/commit/?id=3D4453=
cf7eef05f9ac2b27bda7a87afb7da713f1c4</a><br>
<br>
commit 4453cf7eef05f9ac2b27bda7a87afb7da713f1c4<br>
Author: &nbsp;&nbsp;&nbsp;&nbsp;Fernando Apestegu=C3=ADa &lt;fernape@FreeBS=
D.org&gt;<br>
AuthorDate: 2024-08-29 17:43:33 +0000<br>
Commit: &nbsp;&nbsp;&nbsp;&nbsp;Fernando Apestegu=C3=ADa &lt;fernape@FreeBS=
D.org&gt;<br>
CommitDate: 2024-08-29 17:47:42 +0000<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;security/vuxml: Record firefox multiple vulnerabili=
tes<br>
&nbsp;&nbsp;&nbsp;&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;CVE-2024-43111<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Base Score: &nbsp;6.1 MEDIUM<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Vector: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVSS:=
3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N<br>
&nbsp;&nbsp;&nbsp;&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;CVE-2024-43112<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Base Score: &nbsp;6.1 MEDIUM<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Vector: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVSS:=
3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N<br>
&nbsp;&nbsp;&nbsp;&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;CVE-2024-43113<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Base Score: &nbsp;6.1 MEDIUM<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;* Vector: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVSS:=
3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N<br>
---<br>
&nbsp;security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++=
++++<br>
&nbsp;1 file changed, 39 insertions(+)<br>
<br>
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml<br=
>
index 7dd64a18968f..e9606c88bfca 100644<br>
--- a/security/vuxml/vuln/2024.xml<br>
+++ b/security/vuxml/vuln/2024.xml<br>
@@ -1,3 +1,42 @@<br>
+ &nbsp;&lt;vuln vid=3D"44de1b82-662d-11ef-a51b-b42e991fc52e"&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;topic&gt;firefox -- multiple vulnerabilities&lt;/to=
pic&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;affects&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;package&gt;<br>
+ &nbsp;&nbsp;&lt;name&gt;firefox&lt;/name&gt;<br>
+ &nbsp;&nbsp;&lt;range&gt;&lt;lt&gt;129&lt;/lt&gt;&lt;/range&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/package&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;/affects&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;description&gt;<br>
+ &nbsp;&nbsp;&lt;bodyhttp://www.w3.org/1999/xhtml"&gt;http://www.w3.org/19=
99/xhtml"&gt;<br>
+ &nbsp;&nbsp;&lt;p&gt;security@mozilla.org reports:&lt;/p&gt;<br>
+ &nbsp;&nbsp;&lt;blockquote cite=3D"<a href=3D"https://bugzilla.mozilla.or=
g/show_bug.cgi?id=3D1874964">https://bugzilla.mozilla.org/show_bug.cgi?id=
=3D1874964</a>"&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&lt;p&gt;This update includes 3 CVEs:&lt;/p&gt;<b=
r>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;ul&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;li&gt;The contextual =
menu for links could provide an<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;opportunity for cross-site scripting =
attacks.&lt;/li&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;li&gt;Long pressing o=
n a download link could potentially<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;provide a means for cross-site script=
ing.&lt;/li&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;li&gt;Long pressing o=
n a download link could potentially<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allow Javascript commands to be execu=
ted within the<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;browser.&lt;/li&gt;<br>
+ &nbsp;&nbsp;&lt;/ul&gt;<br>
+ &nbsp;&nbsp;&lt;/blockquote&gt;<br>
+ &nbsp;&nbsp;&lt;/body&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;/description&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;references&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;cvename&gt;CVE-2024-43113&lt;/cvename&g=
t;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;url&gt;<a href=3D"https://nvd.nist.gov/=
vuln/detail/CVE-2024-43113</url">https://nvd.nist.gov/vuln/detail/CVE-2024-=
43113&lt;/url</a>&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;cvename&gt;CVE-2024-43112&lt;/cvename&g=
t;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;url&gt;<a href=3D"https://nvd.nist.gov/=
vuln/detail/CVE-2024-43112</url">https://nvd.nist.gov/vuln/detail/CVE-2024-=
43112&lt;/url</a>&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;cvename&gt;CVE-2024-43111&lt;/cvename&g=
t;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;url&gt;<a href=3D"https://nvd.nist.gov/=
vuln/detail/CVE-2024-43111</url">https://nvd.nist.gov/vuln/detail/CVE-2024-=
43111&lt;/url</a>&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;/references&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;dates&gt;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;discovery&gt;2024-08-06&lt;/discovery&g=
t;<br>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;entry&gt;2024-08-29&lt;/entry&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;/dates&gt;<br>
+ &nbsp;&lt;/vuln&gt;<br>
+<br>
&nbsp;&nbsp;&nbsp;&lt;vuln vid=3D"6f2545bb-65e8-11ef-8a0f-a8a1599412c6"&gt;=
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;topic&gt;chromium -- multiple security fi=
xes&lt;/topic&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;affects&gt;</div>

<hr></div>
</blockquote>
<br>
&nbsp;</body></html>
------=_Part_6536_1322486566.1724964124857--