git: 05933df68ac7 - main - security/vuxml: Add record for net/keycloak
Date: Tue, 14 Jan 2025 16:11:38 UTC
The branch main has been updated by vvd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=05933df68ac7ae7752a8675eba10a0e0e16cfacb
commit 05933df68ac7ae7752a8675eba10a0e0e16cfacb
Author: Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2025-01-14 16:05:52 +0000
Commit: Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-14 16:11:09 +0000
security/vuxml: Add record for net/keycloak
CVE-2024-11736 Unrestricted admin use of system and environment variables
CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers
Security: CVE-2024-11734
Security: CVE-2024-11736
PR: 284058
---
security/vuxml/vuln/2025.xml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index e2bd8727d1c4..f202dc01a5e7 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,33 @@
+ <vuln vid="7d7a28cd-7f5a-450a-852f-c49aaab3fa7e">
+ <topic>keycloak -- Multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>keycloak</name>
+ <range><lt>26.0.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Keycloak reports:</p>
+ <blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
+ <p>This update includes 2 security fixes:</p>
+ <ul>
+ <li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
+ <li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-11734</cvename>
+ <cvename>CVE-2024-11736</cvename>
+ </references>
+ <dates>
+ <discovery>2025-01-13</discovery>
+ <entry>2025-01-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
<topic>asterisk - path traversal</topic>
<affects>
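Review bot: The two `<li>` entries in the blockquote pair the CVE ids with the opposite titles from the commit log: the record lists CVE-2024-11734 as the environment-variable issue and CVE-2024-11736 as the Denial of Service, while the log message has them the other way round. One of the two is wrong, and because people triaging from this entry rely on the description to decide which issue applies to them, it should be checked against the upstream advisories; if the log is the correct one, the lines become `<li>CVE-2024-11734: Denial of Service in Keycloak Server via Security Headers</li>` and `<li>CVE-2024-11736: Unrestricted admin use of system and environment variables</li>`. The `cite` URL also names the 26.0.6 release post under 2024/11, while the affected range is `<lt>26.0.8</lt>`, so the citation should point at the announcement that actually carries these two fixes. Finally, `<discovery>2025-01-13</discovery>` looks like a copy of `<entry>`; it should presumably hold the upstream disclosure date instead.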