[Bug 268656] www/minio: multiple vulnerabilities

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 30 Dec 2022 14:58:57 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268656

            Bug ID: 268656
           Summary: www/minio: multiple vulnerabilities
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: swills@FreeBSD.org
          Reporter: adam@omega.org.uk
             Flags: maintainer-feedback?(swills@FreeBSD.org)
          Assignee: swills@FreeBSD.org

The version of minio in ports appears to be vulnerable to three issues:

I attempted to report this privately via the ports security team email address
for inclusion in VuXML, however it was not responded to - apologies if that
email address, or if reporting the issues here is not the correct process to
follow.

The highest severity has a CVSS2 score of 8.8.

 Advisory:  
https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvg
 CVE:        CVE-2022-35919
 Introduced: RELEASE.2020-07-24T22-43-05Z
 Fixed:      RELEASE.2022-07-29T19-40-48Z

 Advisory:  
https://github.com/minio/minio/security/advisories/GHSA-qrpr-r3pw-f636
 CVE:        CVE-2022-31028
 Introduced: RELEASE.2019-09-25T18-25-51Z
 Fixed:      RELEASE.2022-06-02T02-11-04Z

 Advisory:  
https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q
 CVE:        CVE-2022-24842
 Introduced: RELEASE.2021-12-09T06-19-41Z
 Fixed:      RELEASE.2022-04-12T06-55-35Z

-- 
You are receiving this mail because:
You are the assignee for the bug.