git: 1f4fb1b7c268 - main - security/vuxml: Document net-im/dendrite vulneraability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 30 Jan 2025 16:28:28 UTC
The branch main has been updated by ashish:
URL: https://cgit.FreeBSD.org/ports/commit/?id=1f4fb1b7c26872ea3d9b42c101895a0e15b539d8
commit 1f4fb1b7c26872ea3d9b42c101895a0e15b539d8
Author: Ashish SHUKLA <ashish@FreeBSD.org>
AuthorDate: 2025-01-30 16:09:24 +0000
Commit: Ashish SHUKLA <ashish@FreeBSD.org>
CommitDate: 2025-01-30 16:28:03 +0000
security/vuxml: Document net-im/dendrite vulneraability
---
security/vuxml/vuln/2025.xml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 1206086935c9..932c29ab0fee 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,29 @@
+ <vuln vid="cd2ace09-df23-11ef-a205-901b0e9408dc">
+ <topic>dendrite -- Server-side request forgery vulnerability</topic>
+ <affects>
+ <package>
+ <name>dendrite</name>
+ <range><lt>0.14.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dendrite team reports:</p>
+ <blockquote cite="https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822">
+ <p>This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-52594</cvename>
+ <url>https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822</url>
+ </references>
+ <dates>
+ <discovery>2025-01-16</discovery>
+ <entry>2025-01-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2830b374-debd-11ef-87ba-002590c1f29c">
<topic>FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)</topic>
<affects>