Date: Wed, 10 May 2023 11:35:11 GMT
Message-Id: <202305101135.34ABZBjD006698@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Hiroki Tagato
Subject: git: fbc8fa7cd5f2 - main - security/vuxml: document vscode information disclosure vulnerability
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: tagattie
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: fbc8fa7cd5f22ed4469826beeb6cf442cf137e34

The branch main has been updated by tagattie:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fbc8fa7cd5f22ed4469826beeb6cf442cf137e34

commit fbc8fa7cd5f22ed4469826beeb6cf442cf137e34
Author:     Hiroki Tagato
AuthorDate: 2023-05-10 11:33:20 +0000
Commit:     Hiroki Tagato
CommitDate: 2023-05-10 11:35:05 +0000

    security/vuxml: document vscode information disclosure vulnerability

    Obtained from: https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr
--- security/vuxml/vuln/2023.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 272a3001ea5e..99d8615001e1 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,31 @@ + + vscode -- Visual Studio Code Information Disclosure Vulnerability + + + vscode + 1.78.1 + + + + +

secure@microsoft.com reports:

+
+

Visual Studio Code Information Disclosure Vulnerability

+

A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

+
+ +
+ + CVE-2023-29338 + https://nvd.nist.gov/vuln/detail/CVE-2023-29338 + https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr + + + 2023-05-09 + 2023-05-10 + +
+ glpi -- multiple vulnerabilities
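Review bot: The quoted description scopes the issue to VS Code "on Windows" when file system operations touch malicious UNC paths, yet the affected block names the FreeBSD vscode package with 1.78.1 as the version bound, so the entry reads as if FreeBSD installs are exposed to the NTLM hash disclosure. Please either confirm that the port is affected or say in the commit message (which currently carries only "Obtained from:") why a Windows-scoped advisory is recorded against this package, so that users who see the entry in their audit output know whether upgrading is a security fix or only a version bump.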