Date: Fri, 16 Sep 2022 20:58:05 GMT
Message-Id: <202209162058.28GKw53P063317@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Romain Tartière
Subject: git: 281a15d0ab0d - main - security/vuxml: Document vulnerability in PuppetDB
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: romain
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 281a15d0ab0d9fa34c301ed17e6020f10d224df9

The branch main has been updated by romain:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=281a15d0ab0d9fa34c301ed17e6020f10d224df9 commit 281a15d0ab0d9fa34c301ed17e6020f10d224df9 Author: Romain Tartière AuthorDate: 2022-09-16 20:56:23 +0000 Commit: Romain Tartière CommitDate: 2022-09-16 20:57:40 +0000 security/vuxml: Document vulnerability in PuppetDB --- security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index e6665539a83f..ab4dbd8fd39c 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,34 @@ + + puppetdb -- Potential SQL injection + + + puppetdb6 + 6.22.1 + + + puppetdb7 + 7.11.1 + + + + +

Puppet reports:

+
+

The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.

+
+ +
+ + CVE-2022-31197 + https://nvd.nist.gov/vuln/detail/CVE-2022-31197 + https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 + + + 2022-08-03 + 2022-09-16 + +
+ chromium -- multiple vulnerabilities
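
Review bot: The affected list at the top of the new entry names only puppetdb6 (6.22.1) and puppetdb7 (7.11.1), while the quoted description places the flaw in the bundled org.postgresql/postgresql driver, fixed in 42.4.1. Consider naming the driver in the topic, for example "puppetdb -- Potential SQL injection in bundled PostgreSQL JDBC driver", so that an administrator reading the audit output can tell the exposure comes from a dependency and that the stated precondition (an attacker able to set "malicious" column names in the database) applies. Please also confirm that 6.22.1 and 7.11.1 are exclusive upper bounds matching the first fixed releases; the range elements are not visible in this rendering of the hunk.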