git: 6892e780d7d0 - main - security/vuxml: Add www/qt5-webengine < 5.15.18p2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 01 Nov 2024 00:44:14 UTC
The branch main has been updated by jhale: URL: https://cgit.FreeBSD.org/ports/commit/?id=6892e780d7d0e0840ce737cbe41589f2468bc2a2 commit 6892e780d7d0e0840ce737cbe41589f2468bc2a2 Author: Jason E. Hale <jhale@FreeBSD.org> AuthorDate: 2024-11-01 00:41:09 +0000 Commit: Jason E. Hale <jhale@FreeBSD.org> CommitDate: 2024-11-01 00:41:09 +0000 security/vuxml: Add www/qt5-webengine < 5.15.18p2 Fix indentation issues caught by `make validate` for previous entry. --- security/vuxml/vuln/2024.xml | 78 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 67 insertions(+), 11 deletions(-) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index b3bbd1b07135..a74986da6255 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,22 +1,78 @@ + <vuln vid="3092668e-97e4-11ef-bdd9-4ccc6adda413"> + <topic>qt5-webengine -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>qt5-webengine</name> + <range><lt>5.15.18p2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based"> + <p>Backports for 15 security bugs in Chromium:</p> + <ul> + <li>CVE-2024-4761: Out of bounds write in V8</li> + <li>CVE-2024-5158: Type confusion in V8</li> + <li>CVE-2024-7532: Out of bounds memory access in ANGLE</li> + <li>CVE-2024-7965: Inappropriate implementation in V8</li> + <li>CVE-2024-7967: Heap buffer overflow in Fonts</li> + <li>CVE-2024-7971: Type confusion in V8</li> + <li>CVE-2024-8198: Heap buffer overflow in Skia</li> + <li>CVE-2024-8636: Heap buffer overflow in Skia</li> + <li>CVE-2024-9123: Integer overflow in Skia</li> + <li>CVE-2024-9602: Type confusion in V8</li> + <li>CVE-2024-9603: Type confusion in V8</li> + <li>CVE-2024-10229: Inappropriate implementation in Extensions</li> + <li>CVE-2024-45490: Negative length in libexpat</li> + <li>CVE-2024-45491: Integer overflow in libexpat</li> + <li>CVE-2024-45492: Integer overflow in libexpat</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-4761</cvename> + <cvename>CVE-2024-5158</cvename> + <cvename>CVE-2024-7532</cvename> + <cvename>CVE-2024-7965</cvename> + <cvename>CVE-2024-7967</cvename> + <cvename>CVE-2024-7971</cvename> + <cvename>CVE-2024-8198</cvename> + <cvename>CVE-2024-8636</cvename> + <cvename>CVE-2024-9123</cvename> + <cvename>CVE-2024-9602</cvename> + <cvename>CVE-2024-9603</cvename> + <cvename>CVE-2024-10229</cvename> + <cvename>CVE-2024-45490</cvename> + <cvename>CVE-2024-45491</cvename> + <cvename>CVE-2024-45492</cvename> + <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url> + </references> + <dates> + <discovery>2024-09-18</discovery> + <entry>2024-10-31</entry> + </dates> + </vuln> + <vuln vid="fd538d14-5778-4764-b321-2ddd61a8a58f"> <topic>keycloak -- Missing server identity checks when sending mails via SMTPS</topic> <affects> <package> - <name>keycloak</name> - <range><lt>26.0.4</lt></range> + <name>keycloak</name> + <range><lt>26.0.4</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Red Hat reports:</p> - <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=2315808"> - <p>A vulnerability was found in Apache Sling Commons Messaging - Mail(angus-mail), which provides a simple interface for sending - emails via SMTPS in OSGi, does not offer an option to enable - server identity checks, leaving connections vulnerable to - "man-in-the-middle" attacks and can allow insecure email - communication.</p> - </blockquote> + <p>Red Hat reports:</p> + <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=2315808"> + <p>A vulnerability was found in Apache Sling Commons Messaging + Mail(angus-mail), which provides a simple interface for sending + emails via SMTPS in OSGi, does not offer an option to enable + server identity checks, leaving connections vulnerable to + "man-in-the-middle" attacks and can allow insecure email + communication.</p> + </blockquote> </body> </description> <references>