From nobody Sun Feb 12 21:00:04 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PFKc44MS5z3rJtN; Sun, 12 Feb 2023 21:00:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PFKc43rYBz47Xc; Sun, 12 Feb 2023 21:00:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676235604; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Dyx2jI2XcF6dlX4OGwTBbcOLtNePqRXe+sM5DuGuoOI=; b=jlxXnYiIX079Bax8J6Pj4UJfoYzWcQRmenc7wfB8dG0T3w35iudskMU5t+6CjQV0NsuJKH 0fUCJ3YYCzLYVvbj5aPXqPNc+RFiTHt4U5WH3Ud6QSHrUSNTrAeGcsX6MKhw4+s/s5WAEJ IObA3yWShacS1eEe72rw5bOc3aVC0bjPx8VohmMwjU+fhD1qieYV1RO/g6vAEnB1USxkdt GTmPt4uQsAO2zL+3tV6jSzu5Mqs7aZe42XNg8zq6ih6Mj5+D3EeriKMvHP2AgNOJbHMZKO OS5x49riHxYSv5F0zkyG1khSEymbLfHEw98971aX0D6AwRansJJbgJcpF4uezg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676235604; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Dyx2jI2XcF6dlX4OGwTBbcOLtNePqRXe+sM5DuGuoOI=; b=bzhEg8iLxg8zfJlH7X9lxrdZihU7+pdDg6pTabxQEjs01ofu97RANojcAnN07baPM13kF2 Rho27ZqZ9zyXweR3v47F4t6s70jOQh2sS4biiptWMz9z1k9htjZe6NUshjLEOCNuSo6fJf n0FssVygUWujR87CEqJbZ2taWWMRVC6+ySuVyPkOqjWrbP26AnYUcNUSD+4uZ9gBv165Xc qzuBM7IjWvFu5E2MlyYLZSQWJF+WQJBlD1FuKb36sFTfohMsmrq0aTDUv0wpIfdvochd+X VlX9TPUGwQij3DSnHQfKD6jSpUsVJ4qp/KEBQ90FlZgMfFGGWr3frJkQKafEBg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676235604; a=rsa-sha256; cv=none; b=fDOXYv1ELW0mVVDOPErGn7ZLBc9bKkBLND9IQqbhpsrjIapC3uPZsG3jSE9Grr3xb6c+5T 5qYoRjYVdrTXD5eweRuAp+S041jIEK88jVXtmaE71Lw2BtwW771lckhTh9YeQs8xD7Kkcx Pkr3fLi5myR1z7ffimydqjP35fQluJxIBXkrw6Eh+/DhpuumkmWLFzgafPistnKgi4qiTO GU2HD7tvGs+jnHGf8gJRHwGL16KU0XfAeWdiSDquCmtQ5u3SY3k1oADTCpxbQ8SFhmeeNr 3+k2UN9bV70YDny0tTDLj3WNMWryCv6yyQiZorbW9f2Nx+P7RQWEK2ObYX+5xw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PFKc42cVjzs3t; Sun, 12 Feb 2023 21:00:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31CL044U086812; Sun, 12 Feb 2023 21:00:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31CL046Y086809; Sun, 12 Feb 2023 21:00:04 GMT (envelope-from git) Date: Sun, 12 Feb 2023 21:00:04 GMT Message-Id: <202302122100.31CL046Y086809@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Florian Smeets Subject: git: 80f33ad1ec91 - main - security/vuxml: Document phpmyfaq vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: flo X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 80f33ad1ec9144d6cc6a58462e8a3b69806120ac Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by flo: URL: https://cgit.FreeBSD.org/ports/commit/?id=80f33ad1ec9144d6cc6a58462e8a3b69806120ac commit 80f33ad1ec9144d6cc6a58462e8a3b69806120ac Author: Florian Smeets AuthorDate: 2023-02-12 20:57:44 +0000 Commit: Florian Smeets CommitDate: 2023-02-12 20:57:44 +0000 security/vuxml: Document phpmyfaq vulnerabilities --- security/vuxml/vuln/2023.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 2ac8c475290c..ffe64f6fb47b 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,40 @@ + + phpmyfaq -- multiple vulnerabilities + + + phpmyfaq + 3.1.11 + + + + +

phpmyfaq developers report:

+
+

a bypass to flood admin with FAQ proposals

+

stored XSS in questions

+

stored HTML injections

+

weak passwords

+
+ +
+ + https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/ + https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/ + https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/ + https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/ + https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/ + https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/ + https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/ + https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/ + https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/ + https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/ + + + 2023-02-12 + 2023-02-12 + +
+ chromium -- multiple vulnerabilities