git: bc5176c12c42 - main - security/vuxml: document www/oauth2-proxy vulnerabilities

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Robert Clausecker <fuz_at_FreeBSD.org>
Date: Mon, 21 Oct 2024 09:37:23 UTC

The branch main has been updated by fuz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f

commit bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2024-10-18 11:03:53 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:36:03 +0000

    security/vuxml: document www/oauth2-proxy vulnerabilities
    
    Reported by:    Matthias Wolf <freebsd@rheinwolf.de>
    PR:             282004
---
 security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index fdddd80eb80c..900d72de123d 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,42 @@
+  <vuln vid="dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9">
+    <topic>oauth2-proxy -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>oauth2-proxy</name>
+	<range><lt>7.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The oauth2-proxy project reports:</p>
+	<blockquote cite="https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0">
+	  <p>Vulnerabilities have been addressed:</p>
+	  <ul>
+	    <li>CVE-2024-24786</li>
+	    <li>CVE-2024-24791</li>
+	    <li>CVE-2024-24790</li>
+	    <li>CVE-2024-24784</li>
+	    <li>CVE-2024-28180</li>
+	    <li>CVE-2023-45288</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-24786</cvename>
+      <cvename>CVE-2024-24791</cvename>
+      <cvename>CVE-2024-24790</cvename>
+      <cvename>CVE-2024-24784</cvename>
+      <cvename>CVE-2024-28180</cvename>
+      <cvename>CVE-2024-45288</cvename>
+      <url>https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0</url>
+    </references>
+    <dates>
+      <discovery>2024-10-02</discovery>
+      <entry>2024-10-18</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c6f4177c-8e29-11ef-98e7-84a93843eb75">
     <topic>OpenSSL -- OOB memory access vulnerability</topic>
     <affects>