From nobody Wed Dec 18 05:49:27 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCjRq34WBz5gr6r; Wed, 18 Dec 2024 05:49:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCjRq2XSgz4VB1; Wed, 18 Dec 2024 05:49:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734500967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QB8fJAzVa82+h1GykZDdtwpTAAg8iaAA57zDtfdrOrc=; b=nkR7laW3Nji7O4QpyUKKvWIz5IG+kzVlRHT5KRT3RrV77UGeT++X3Ii0B8UKkAMLZe/JOO EjzCKTO4+JeMUEs2RrgPnzamMKB9UHnxp8lLSz1e1LlYCEfatZjEDuw1m8JclTh+boMEda Q1/cRBjYVsUcC8NDYivcfP55vOjCssTlEDFvVE+eb2TJBSSnvlGzx3hWD7g01FobOSCtqY sueHhhjjRK+bHLqalsqgtKbBBwVTciuMswQNt9mmQM5/zPqTfZSDmGWg+zZgHYNoiiNOuX 4gCC81PfGvyNDiYHK2mJK24NF7CDVmdogfCwFpgB7ieWCgRU1CGSV8SwkM2LmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734500967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QB8fJAzVa82+h1GykZDdtwpTAAg8iaAA57zDtfdrOrc=; b=A0NTapgajaFlP1OdDPrs/7Ak37D2+GISk0aMTNZxCJgi/PTM6ytUZKmjIy/k7OZA9/WuSa vbYtyMFCJPINBdfWJqwWKbj+okU5MymGE5WQ93yyCBBHQxFWM2jBiAVSIMd0HL00GZWPE4 5PSSrlsQ/JKAwfH5RYPidwXrUSUsFjA6GEsDH8Q4H+xEAYGf1M6IYjQOmTuz1ff8zhj+ZB 3sdrRip2A90Pl7NktFs6L9/rJCRpPfO1YxG6a/r7zzpppLGpx9McHbwjmo/m9pOKv5mKlb yKzOl26ahgs1ROe23Vd8pSkaiEaZdzEaSNDE8Rm/7RyHDyeFIZ41X3p2XQ+0XA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734500967; a=rsa-sha256; cv=none; b=jnCJbl8ZeDEiFZmvLR284sCYZBEzZuFtYSqC/qU4MVjlAmkzwKnbwVhQNuHXVLACagZVSC jEjHXzju2fO3RFgEIFEdxshcKn+2bPqM0TWVt8Tv8n5zk13nocmW+ko5Twarsi76qNpAxL vJwgGUrbDrYAxlfOfjSuPjnIJLJ2oxxkDUIIDzwMqeQigxctvWeM928sIS4eUUZm5RlYdu QTKXwc8vMp9kv+bEHv/WofGlKg6tXeDMjEbk6QZLPTFwaWGLi+8Tcljq9RaCqLB0IAOP8K e/08oTBil+CXesZwtIvY/ydnqsCJ258HPDUNd9YhRSkvejVPC07cHFWMmkIKoA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCjRq1qltzvYl; Wed, 18 Dec 2024 05:49:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BI5nR7e025996; Wed, 18 Dec 2024 05:49:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BI5nRST025993; Wed, 18 Dec 2024 05:49:27 GMT (envelope-from git) Date: Wed, 18 Dec 2024 05:49:27 GMT Message-Id: <202412180549.4BI5nRST025993@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Philip Paeps Subject: git: 6cab62ade8ce - main - security/vuxml: fix parse errors List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6cab62ade8ce62057e36d3ad0e1a875424e4dbfe Auto-Submitted: auto-generated The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=6cab62ade8ce62057e36d3ad0e1a875424e4dbfe commit 6cab62ade8ce62057e36d3ad0e1a875424e4dbfe Author: Philip Paeps AuthorDate: 2024-12-18 05:47:43 +0000 Commit: Philip Paeps CommitDate: 2024-12-18 05:47:43 +0000 security/vuxml: fix parse errors Fix parse errors introduced in 96ddbb42b98fcb6022729ea28cd6725fcfdc4597. --- security/vuxml/vuln/2024.xml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index df792ef7fec6..68055fc4e456 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -85,11 +85,11 @@ forgejo 9.0.2 + - forgejo + forgejo7 7.0.11 - @@ -119,6 +119,7 @@ 2024-12-12 2024-12-17 + 2024-12-18 @@ -139,7 +140,7 @@ to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running from a binary or from a root container image does - not use the internal ssh server by default and was not vulnerable. + not use the internal ssh server by default and was not vulnerable. The incorrect use of the crypto package is the root cause of the vulnerability and was fixed for the internal ssh server.
  • Revert "allow synchronizing user status from OAuth2 login @@ -173,7 +174,7 @@ to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running from a binary or from a root container image does - not use the internal ssh server by default and was not vulnerable. + not use the internal ssh server by default and was not vulnerable. The incorrect use of the crypto package is the root cause of the vulnerability and was fixed for the internal ssh server.
  • Revert "allow synchronizing user status from OAuth2 login