From nobody Mon Sep 18 03:06:28 2023
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RpqSj1rvNz4tL04;
	Mon, 18 Sep 2023 03:06:29 +0000 (UTC)
	(envelope-from danfe@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "freefall.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RpqSj1L41z4GB7;
	Mon, 18 Sep 2023 03:06:29 +0000 (UTC)
	(envelope-from danfe@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1695006389;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=SLgwBo6fbWMSPaQjKYAT6sgBcK0UDNRCgQUsvUgmG8c=;
	b=FY5zhGGmAYEWGYEfizysP5OEkPvSiu/nvP42YvxvKexmOCy+MLHtJhsFt08FrT7jZwYKpA
	hf6R25XYKAIhraiO4Em6KNIk7r5wKbyzPsNNzz6F7skpZx9WYlst4kLLQ8wY4VL0wofJAm
	O6ZXYHZJ28W/+rnaJ77QjuiRmJXzME9m1NEPI5th+q7jqogXuYlPHccM7zwUO+AQbNDvkH
	sJdM1Yl+EGMawzya0qro8DAUAU+0AUy/dixutx/8QbFDmCiJOYeE3P5NwNedD18Ca1dmnu
	OY7/sMdlruFtZedkmO6sbiK64m1ZFJVmzVz6BXv0R61NMEvRipJ/B3juGBH73g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1695006389; a=rsa-sha256; cv=none;
	b=n3bOCIM9ojyhu/G5qZEYpHMnI1grWuK9hI5eVmTgi6HtrYqcS2vWxjLmDnPh4fmMrhKhVl
	z7TV7F6GtBMgHpDME391sIzOA/OoMWymr/FvpirpyvTvhoPvEfAedevBaFELLJ94zWQoYx
	WHHvkR7qKXvUZX07CHtcKW/GVpSxtc6iDPlkMKpCrlXAvpAMY0Hi1be7zgAMZh9zj7h1x7
	mqavcwORHmaM2oplfAlRj3A4LJ9ZkJNM9nawub3R3P1weJYgzMjzlb//FPvO1e2lJbsMr7
	Tt2AgLp9ars4MpOMncDchLMAPOQZZFWk2MZA2NNNDzQnoQhlqgzvfC89zga+bQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1695006389;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=SLgwBo6fbWMSPaQjKYAT6sgBcK0UDNRCgQUsvUgmG8c=;
	b=mDI2iahEptDe0RGQbd8mPgZi2/h/WDTD6N4YWoE5nJNdXllsjsiFj6kYrywhHer4k3fPp8
	PIDFZOYSshDfEpux84KkDTVW2VraUDf6JPdavd4KwT9KXCLBYYb+Fl7YqQ4QfvZpPpQ9CK
	A2n+P+nesDlUbxkxdclDBzeZ7NEd1uXSkdeNBdT71vRn6liqfgWPlKY2mxejbdZAt940K+
	0gSi1bsCTLSvU6zZmeYXe4lknBDoVZ1nKsvhzFPX2jG0Ub44jXLAitlxeMxPhHucbkMmnk
	0y6+quYsLjHv98AiVnouJT7nPj/cgCpLl+/2xYiu8z5ne0ZM3KWBgl5k+S6ESg==
Received: by freefall.freebsd.org (Postfix, from userid 1033)
	id 04F4816916; Mon, 18 Sep 2023 03:06:28 +0000 (UTC)
Date: Mon, 18 Sep 2023 03:06:28 +0000
From: Alexey Dokuchaev <danfe@freebsd.org>
To: "Jason E. Hale" <jhale@freebsd.org>
Cc: Bernard Spil <brnrd@freebsd.org>, ports-committers@freebsd.org,
	dev-commits-ports-all@freebsd.org,
	dev-commits-ports-main@freebsd.org
Subject: Re: git: a3dec5316c3e - main - security/vuxml: Document cURL
 vulnerability
Message-ID: <ZQe-tN15B4UNaKUi@FreeBSD.org>
References: <202309161328.38GDSngf016525@gitrepo.freebsd.org>
 <CAJE75NFU_dEGvhW2XQrjOVtQLow=-hBA1Xz4anW0AZf9tJ-oKw@mail.gmail.com>
 <ZQdGjkvUsN1RjA8k@FreeBSD.org>
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZQdGjkvUsN1RjA8k@FreeBSD.org>

On Sun, Sep 17, 2023 at 06:33:50PM +0000, Alexey Dokuchaev wrote:
> On Sun, Sep 17, 2023 at 02:23:22PM -0400, Jason E. Hale wrote:
> > > commit a3dec5316c3e45a676eef22de283ad57ea6a3111
> > >
> > >   security/vuxml: Document cURL vulnerability
> > >
> > >   PR:             273764
> > >   Reported by:    yasu
> > > [...]
> > > +   <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75">
> > > +     <topic>Roundcube -- XSS vulnerability</topic>
> > > +     <affects>
> > > +--
> > > +2.42.0
> > > +
> > 
> > You probably didn't mean to add this file. Could you remove it please?
> 
> Could it be the reason why any "make" command in any port now complains
> that it has known vulnerabilities?

Never mind, committed attachment file is bogus, but apparently harmless.
It's just my /var/db/pkg/vuln.xml somehow got corrupted, `pkg audit -F'
had fixed the problem.

./danfe