Re: git: 072998df6d44 - main - security/vuxml: Document multiple xrdp vulnerabilities
- In reply to: Koichiro Iwao : "git: 072998df6d44 - main - security/vuxml: Document multiple xrdp vulnerabilities"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 10 Dec 2022 18:46:42 UTC
FYI this did not pass "make validate" due to whitespace inconsistencies. It is fixed now, but please always check if "make validate" passes before submitting changes to the vuxml port. Thank you! :) On Sat, 10 Dec 2022 at 15:08, Koichiro Iwao <meta@freebsd.org> wrote: > > The branch main has been updated by meta: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=072998df6d4408d7bc6104d431205c9b3c385fc4 > > commit 072998df6d4408d7bc6104d431205c9b3c385fc4 > Author: Koichiro Iwao <meta@FreeBSD.org> > AuthorDate: 2022-12-10 14:04:49 +0000 > Commit: Koichiro Iwao <meta@FreeBSD.org> > CommitDate: 2022-12-10 14:07:46 +0000 > > security/vuxml: Document multiple xrdp vulnerabilities > > Obrained from: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21 > --- > security/vuxml/vuln/2022.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 48 insertions(+) > > diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml > index 9d3f44c38d5d..89f9378a6798 100644 > --- a/security/vuxml/vuln/2022.xml > +++ b/security/vuxml/vuln/2022.xml > @@ -1,3 +1,51 @@ > + <vuln vid="ba94433c-7890-11ed-859e-1c61b4739ac9"> > + <topic>xrdp -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>xrdp</name> > + <range><lt>0.9.21</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml"> > + <p>xrdp project reports:</p> > + <blockquote cite="https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21"> > + <p>This update is recommended for all xrdp users and provides following important security fixes:</p> > + <ul> > + <li>CVE-2022-23468</li> > + <li>CVE-2022-23477</li> > + <li>CVE-2022-23478</li> > + <li>CVE-2022-23479</li> > + <li>CVE-2022-23480</li> > + <li>CVE-2022-23481</li> > + <li>CVE-2022-23483</li> > + <li>CVE-2022-23482</li> > + <li>CVE-2022-23484</li> > + <li>CVE-2022-23493</li> > + </ul> > + <p>These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2022-23468</cvename> > + <cvename>CVE-2022-23477</cvename> > + <cvename>CVE-2022-23478</cvename> > + <cvename>CVE-2022-23479</cvename> > + <cvename>CVE-2022-23480</cvename> > + <cvename>CVE-2022-23481</cvename> > + <cvename>CVE-2022-23483</cvename> > + <cvename>CVE-2022-23482</cvename> > + <cvename>CVE-2022-23484</cvename> > + <cvename>CVE-2022-23493</cvename> > + <url>https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21</url> > + </references> > + <dates> > + <discovery>2022-12-01</discovery> > + <entry>2022-12-10</entry> > + </dates> > + </vuln> > + > <vuln vid="050eba46-7638-11ed-820d-080027d3a315"> > <topic>Python -- multiple vulnerabilities</topic> > <affects>