From nobody Tue Oct 15 15:03:56 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XScn85fyZz5YYdQ; Tue, 15 Oct 2024 15:03:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XScn857mFz45kQ; Tue, 15 Oct 2024 15:03:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1729004636; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zyH0SklpryXXX/b76iv54fZ+AOwwSXz0VIdqUujoUFo=; b=jsgkVScIwgLfXj/wavRZG1qDGaRtRa4tMk9EC26WwgpsZ//eaXjP0HWOutvsUu629KQa0S 02dDDAyJznsamjUWVoljUKATrPs0Xo1zZkh2hRVas1rNqGn+b/zwkfV/koyw+9YOyPBHNS vo41+f+9JdEg8QncA5lC5GiLAPIlhR99gPjnpflwvRDIXcSpBEJKegqPDQ22JxPTp14t0Y nntt19q35j6UedNs82gx3XAEO3A1CK4zXb5M7jmSRcfEHOPs2lmZFzltZZedHZUCqfnwDK iUhF9Ffgq+iDuRVr5KOMqWqZH3I4j+XMkYfkGZpg7/NZfZ8EpZB31+OlZbchjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1729004636; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zyH0SklpryXXX/b76iv54fZ+AOwwSXz0VIdqUujoUFo=; b=wsi1agXBC9XkQvJ8UCJkZJUBEsfKgOzLZT0EXs2Zkb+22EMPpSYukFFGpuT8msOzLSayZD QKBPPBDnsNjp5SWzjIOT8Erc6G1Mpvro01tdCK7qQL1DoliPzM+gQb0abgTCZEONDeWyeA wjJ6DHccpxuyihXeZNBhcyLe87ZOqeXIgYiTmk5M4sEgrWEEvj7chjJUTMW3M/035u6J6o IJ77jocHhNHNaGVfMlCtshTU1/ub3NuMbZpUdqXq2rT7/d2OzR06RzSLqJ8FDJyzz1WSsm jwhmelj2iNeTRKEfTWiygUcV30u1qS9i1UwTHkOlHgLjDjGxXdIIrmYIkWg9qw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1729004636; a=rsa-sha256; cv=none; b=MxuLojucPBC2BK5SfJQTcueIH5Co7p+BFsP3d42rDiiOpE89zq++x78nOTsfGxiJFVwH5c H8RZ7bq+HQWNiuS+vl7WKaH/Oy6Qt7EpsM2CHSlGEmZ9Um86Bgf99bzJRCwVkBAFi5Rmd1 zQ9Y1A6JRvK2jYIeMfYMyiIAg66nVYCwFSl1+dKEI8siRNkvDX71gngc4siajQOmPkO+Sk r/avEPgSr5U6DCyPV7TmSPvbquVjz8x0wYhTIehDnIZVVUeU1g9mylK5SogvzMr9VvHgSd HCtc/Qzd2HPeTknoyX/Tem7bG9Mxo+MhO9ndkaKdQAC0iJ7Movbz/a4fanz5eA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XScn84kp0zR8X; Tue, 15 Oct 2024 15:03:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 49FF3u06088359; Tue, 15 Oct 2024 15:03:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 49FF3u7L088356; Tue, 15 Oct 2024 15:03:56 GMT (envelope-from git) Date: Tue, 15 Oct 2024 15:03:56 GMT Message-Id: <202410151503.49FF3u7L088356@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Ashish SHUKLA Subject: git: 90a45de5e44a - main - security/vuxml: Document element-web vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ashish X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 90a45de5e44a67951c6f59beb943e169190656d9 Auto-Submitted: auto-generated The branch main has been updated by ashish: URL: https://cgit.FreeBSD.org/ports/commit/?id=90a45de5e44a67951c6f59beb943e169190656d9 commit 90a45de5e44a67951c6f59beb943e169190656d9 Author: Ashish SHUKLA AuthorDate: 2024-10-15 14:59:57 +0000 Commit: Ashish SHUKLA CommitDate: 2024-10-15 15:03:24 +0000 security/vuxml: Document element-web vulnerability --- security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 9ab3e4a2a34e..b6086953409e 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,36 @@ + + element-web -- Potential exposure of access token via authenticated media + + + element-web + 1.11.701.11.81 + + + + + +

Element team reports:

+
+

Element Web versions 1.11.70 through 1.11.80 contain a + vulnerability which can, under specially crafted conditions, + lead to the access token becoming exposed to third + parties. At least one vector has been identified internally, + involving malicious widgets, but other vectors may + exist. Users are strongly advised to upgrade to version + 1.11.81 to remediate the issue.

+
+ + + + CVE-2024-47779 + https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x + + + 2024-10-15 + 2024-10-15 + + + vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability