Date: Mon, 12 Feb 2024 17:11:26 GMT
Message-Id: <202402121711.41CHBQCa060493@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Matthias Andree
Subject: git: 424fb6c301d7 - main - security/vuxml: fix NS tag on body of Gitlab vuln entry
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: mandree
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 424fb6c301d76773b60be349ae7943ef6ab11484

The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=424fb6c301d76773b60be349ae7943ef6ab11484

commit 424fb6c301d76773b60be349ae7943ef6ab11484
Author:     Matthias Andree
AuthorDate: 2024-02-12 17:09:51 +0000
Commit:     Matthias Andree
CommitDate: 2024-02-12 17:10:26 +0000

    security/vuxml: fix NS tag on body of Gitlab vuln entry

    This fixes a vxquery warning (line number may vary):
    | Parsing failed @ line 4442:
    | Expected element in XHTML namespace.

    Security: 6e0ebb4a-5e75-11ee-a365-001b217b3468
---
 security/vuxml/vuln/2023.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 40ca86777690..d9b02f61c794 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -2896,7 +2896,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417). - +

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project

Group import allows impersonation of users in CI pipelines

Developers can bypass code owners approval by changing a MR's base branch
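
Review bot: The commit message does not record that vxquery parses the file cleanly after the change at the single `-`/`+` pair in the `@@ -2896,7 +2896,7 @@` hunk, so a reader cannot tell whether the quoted "Parsing failed" warning was the only one. Consider stating the post-fix result in the message. Since the diffstat shows one insertion and one deletion, it is also worth checking whether any other entry in security/vuxml/vuln/2023.xml has a body element outside the XHTML namespace, because a parser that stops at the first failure would only have reported this one.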