Re: git: 05d4a95e7f58 - main - security/vuxml: Add devel/binutils < 2.43

From: Jason E. Hale <jhale_at_freebsd.org>
Date: Sat, 07 Sep 2024 05:16:01 UTC 
On Fri, Sep 6, 2024 at 10:52 AM Cy Schubert <cy@freebsd.org> wrote:
>
> The branch main has been updated by cy:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=05d4a95e7f58d75a6a2cf7321751c50ee5d42568
>
> commit 05d4a95e7f58d75a6a2cf7321751c50ee5d42568
> Author:     Cy Schubert <cy@FreeBSD.org>
> AuthorDate: 2024-09-06 14:51:48 +0000
> Commit:     Cy Schubert <cy@FreeBSD.org>
> CommitDate: 2024-09-06 14:52:09 +0000
>
>     security/vuxml: Add devel/binutils < 2.43
> ---
>  security/vuxml/vuln/2024.xml | 32 ++++++++++++++++++++++++++++++++
>  1 file changed, 32 insertions(+)
>
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index f4f89e3aaea7..613a37f8dfa3 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,35 @@
> +  <vuln vid="943f8915-6c5d-11ef-810a-f8b46a88f42c">
> +    <topic> -- </topic>
> +    <affects>
> +      <package>
> +       <name>binutils</name>
> +       <range><lt>2.43</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns="http://www.w3.org/1999/xhtml">
> +       <p>alster@vinterdalen.se reports PR/281070:</p>
> +       <blockquote cite="INSERT URL HERE">
> +         <p>A new version of devel/binutils has been released fixing
> +            CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and
> +            CVE-2023-25588.
> +         </p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <url>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281070</url>
> +      <cvename>CVE-2023-1972</cvename>
> +      <cvename>CVE-2023-25585</cvename>
> +      <cvename>CVE-2023-25586</cvename>
> +      <cvename>CVE-2023-25588</cvename>
> +    </references>
> +    <dates>
> +      <discovery>2024-08-25</discovery>
> +      <entry>2024-09-06</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="f5d0cfe7-6ba6-11ef-858b-23eeba13701a">
>      <topic>gitea -- multiple issues</topic>
>      <affects>

In addition to what bapt said, <topic> is not filled out and the
"INSERT URL HERE" should be addressed in <blockquote>.

- Jason