[Bug 260534] devel/opengrok security vulnerability CVE-2021-2322

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 19 Dec 2021 07:08:26 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260534

            Bug ID: 260534
           Summary: devel/opengrok security vulnerability CVE-2021-2322
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: truckman@FreeBSD.org
          Reporter: luke@foolishgames.com
          Assignee: truckman@FreeBSD.org
             Flags: maintainer-feedback?(truckman@FreeBSD.org)

The current version of devel/opengrok is vulnerable to an easy exploitable
issue that allows remote takeover of the opengrok instance. 

https://www.cvedetails.com/cve/CVE-2021-2322/

Needs to be updated past 1.6.7 to fix and perhaps a mention in the
security/vuxml file

-- 
You are receiving this mail because:
You are the assignee for the bug.