From nobody Tue Jun 13 22:08:24 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QgjP43DRbz4d4Rr; Tue, 13 Jun 2023 22:08:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QgjP42NYVz47m8; Tue, 13 Jun 2023 22:08:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686694104; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RrnmQmC7kM1BSoRYxDKLy3sf7idJ4nW7lCDq/y8BnPM=; b=YW+hi4nijWaENbskBonFQxEZ8bC+QA6qessVON3j1+E45tuSeuZyIJJoGqMT9mNbhbWdcE /FQGzrUtelqwSR9vZ1/gu6jziyxgd+zp6m/TOwneQQv7OdErcHsufpnBeZUEEQJiLDfybd HuymgBBupZbPnIt9aEjAb5myBsf2YgVQ32NAaflOg/baMylNnaBik7BNBZu5k2MSnKgcuu LEtHeTb7DMK+F/8DumS1+zQDf6gMkvN+bndg7yChg27S/OXfP5BvJbIeP8kFbcMdzHb87j NdmEkhYBP6K7XEPGlTnvWVPD2NRbpIZfL+az3lkPUDnTk5OEmECCjrs5lYIhRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686694104; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RrnmQmC7kM1BSoRYxDKLy3sf7idJ4nW7lCDq/y8BnPM=; b=Fa2ISGxokpBxPgRNm++DFyqCtgb3BId03ehtUsmrRFEKRphqGDvaohSYEW1C8zwu1Mdrgl JjAiHPrY8842QvFIQkK6PCoGdKvhN44ClqQDOFNTsa/Z9nwVjC9RcR0VV+0MoXkBd2oLnW R0W6gs+ZgFlts2kAZtfUTzzZ1iN9FDtAs+swAKDVhkTj3RrrRiQsOUbWJKjVCIA0nNFIkR Sv/nvXlQqZRiBGh3ZXsux6kTnuWmrrqF0+6lWhrnI0kDfHFbHUArmdVw9CT1kV9RnDBV8n JHFZbDuRW6YeW1baGk1jjWmT4oGEehu13AjQk3RArHBrbwXh9paQZ3AX0SlE7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1686694104; a=rsa-sha256; cv=none; b=mX9vTUASljV2AT4mctjrlOre+f5WqA0FYT1UmBVHd4y4JWu5uauIWoatc2MJF/LzGJn4gK zkxfFeAFhh14f2ikYlydN8TigUN/W6sQ8QkFfzICgA/kSR43GD4RTqdb4owmncWHZQEq7y cdXLTphOI2zZQH+w5GQJTI0W0ef4LCXAEZYUwRTZiqzcssS38YAgATqmZA0fH4UGcgUn8S YAVZusqLuPXWuI5WSslbxdiw2FLkwOvA28znTquky+Tav+nfDl0dCHEdOezfaYi8+bC0AE GVEfSyG0HYFvHW0nAcZJ/m34jI59wj0k7Z8mZ05ETccf+Q9rGlsbr3D3wzFEaA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QgjP41JgyzfTy; Tue, 13 Jun 2023 22:08:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 35DM8OZq084587; Tue, 13 Jun 2023 22:08:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 35DM8O7n084586; Tue, 13 Jun 2023 22:08:24 GMT (envelope-from git) Date: Tue, 13 Jun 2023 22:08:24 GMT Message-Id: <202306132208.35DM8O7n084586@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Hiroki Tagato Subject: git: e82648cefbcc - main - security/vuxml: document vscode information disclosure vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tagattie X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e82648cefbcc56d8b3230f8fe4320bd21cc5dd9d Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tagattie: URL: https://cgit.FreeBSD.org/ports/commit/?id=e82648cefbcc56d8b3230f8fe4320bd21cc5dd9d commit e82648cefbcc56d8b3230f8fe4320bd21cc5dd9d Author: Hiroki Tagato AuthorDate: 2023-06-13 22:07:00 +0000 Commit: Hiroki Tagato CommitDate: 2023-06-13 22:07:00 +0000 security/vuxml: document vscode information disclosure vulnerability Obtained from: https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr --- security/vuxml/vuln/2023.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 9ae82777c37b..ae6c99f607b8 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,30 @@ + + vscode -- VS Code Information Disclosure Vulnerability + + + vscode + 1.79.1 + + + + +

VSCode developers reports:

+
+

VS Code Information Disclosure Vulnerability

+

A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

+
+ + + + CVE-2023-33144 + https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144 + + + 2023-06-13 + 2023-06-13 + + + chromium -- multiple vulnerabilities