From nobody Tue Jan 21 22:22:04 2025 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yd1sS5jSjz5lgY1; Tue, 21 Jan 2025 22:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yd1sS4yHrz47hX; Tue, 21 Jan 2025 22:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737498124; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fdaM6K7nRSF9lal90L2xE+djVX02fiNFvYOK6SD8F80=; b=yTRxNFId5CfXrPcnzLOVHX9Tk9x1UL/T62uH+uGhPb6nBkzqfYpiqs7UfsihfF4257ZYO8 QWgICI+dkwTnoZs5ApcoqUKimwqpvc47kmgR9WVHPJTYPtSxjWdThmjSap26+zvqNCCOzu b2mEeQnoWsjN5FzR44cYUjZDNKFb4149wlFV+GD1FGon+q2NUByAHKHEjqTQvMIW03WgUl E0OPAMsDyI8AtI7LpW3OpnfC3c4qyZGNp9DZq0POGEBlCuEA+yqLQ4u2o8ciCQaTNweCgv nEviT+sDu+3k2IyRqmYovF7EirGRGMjVR6G9bX6znomP1b8feYC/WxG6Fa+p4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737498124; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fdaM6K7nRSF9lal90L2xE+djVX02fiNFvYOK6SD8F80=; b=jks3EmNtPqfu1IOEODu/XO247eO/RNPku7VOwt/lGWCO+DJrf6LC+e+UUfvUGfKKU5d5Qi E7JD4Qe4WrLAt+bM9SuHWouiCNs3I62UHrQE6ZzrPIIo8ewoM+Ugp+McJlj7g1oXY+PQ6w E7rX2p2s8r/GogpTglLGyNIbnIK073xVoLvCEBZqpKUgR9qRfW5tOIgsR829DJyW5VQA2l VVApzk3RliC0yOGTxzmv+Wv9qQnKrGgn++XvY8opBl1+F+6zhbNwhhHXBsW+y8GAlaZzM6 O8Hj3NUYlOSYwaSpkqw4yJ0aRhrr0UkCSoWcXmBLPsiLsIdjvmWt8vuYgQ6Kbg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737498124; a=rsa-sha256; cv=none; b=idwDXfMq3k6K4AbdsFp9UDolvLrjGht8+hs9s8A+P3EIq+kb3lIG6jerXthQ2neVJZ0lC9 qYlHsrD0ojDf8F+30lBVzQE/7RerYYFDnQj/8f6gVzYuT7zgXyIageMYz1FtZsnt4wd851 bOMUL0NxyL0bWB+3LOLxZx8diC7rDt3Y18H98gI9RhYjXXR4r8LTik3Gg2lEVgSY2QEz2X aWgqsW3TdPKhfzsbOmHO8+B+R6OhNLApzBAH9HJVW6WHcWqi4CKFivG1CijgAfsSsP+whI 0SoDjFhtmcNqBVOw0iTlfD2+RdMTH1NVHOGudCRWhq1il9UtHLd/PEuZy8cmAQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yd1sS42kHz9nw; Tue, 21 Jan 2025 22:22:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50LMM4EO081590; Tue, 21 Jan 2025 22:22:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50LMM4Qx081587; Tue, 21 Jan 2025 22:22:04 GMT (envelope-from git) Date: Tue, 21 Jan 2025 22:22:04 GMT Message-Id: <202501212222.50LMM4Qx081587@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Ashish SHUKLA Subject: git: ce6bdfd4ae17 - main - security/vuxml: Document lang/go* vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ashish X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ce6bdfd4ae178e34130f649c41f7ee311d831253 Auto-Submitted: auto-generated The branch main has been updated by ashish: URL: https://cgit.FreeBSD.org/ports/commit/?id=ce6bdfd4ae178e34130f649c41f7ee311d831253 commit ce6bdfd4ae178e34130f649c41f7ee311d831253 Author: Ashish SHUKLA AuthorDate: 2025-01-21 22:09:50 +0000 Commit: Ashish SHUKLA CommitDate: 2025-01-21 22:21:09 +0000 security/vuxml: Document lang/go* vulnerabilities PR: 284181 --- security/vuxml/vuln/2025.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 001cbc84d4d5..1a08ce0c3004 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,45 @@ + + go -- multiple vulnerabilities + + + go122 + 1.22.11 + + + go123 + 1.23.5 + + + + +

The Go project reports:

+
+

crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

+

A certificate with a URI which has a IPv6 address with a + zone ID may incorrectly satisfy a URI name constraint that + applies to the certificate chain.

+
+
+

net/http: sensitive headers incorrectly sent after cross-domain redirect

+

The HTTP client drops sensitive headers after following a + cross-domain redirect. For example, a request to a.com/ + containing an Authorization header which is redirected to + b.com/ will not send that header to b.com.

+
+ + + + CVE-2024-45341 + CVE-2024-45336 + https://go.dev/issue/71156 + https://go.dev/issue/70530 + + + 2025-01-07 + 2025-01-21 + + + electron31 -- multiple vulnerabilities