[Bug 269221] security/vuxml: document CVE-2017-11610 and CVE-2019-12105 for outdated versions of sysutils/py-supervisor
Date: Sun, 29 Jan 2023 11:36:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269221
Bug ID: 269221
Summary: security/vuxml: document CVE-2017-11610 and CVE-2019-12105 for outdated versions of sysutils/py-supervisor
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: grahamperrin@freebsd.org
CC: ports-secteam@FreeBSD.org, thomas@gibfest.dk
CVE-2019-12105 alone might be negligible (not worth a VuXML entry).
<https://github.com/advisories/GHSA-6x94-2xr2-xgw3>
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12105>
CVE-2017-11610 is more significant. If there'll be an entry for this one, then
there may as well be an entry for both.
<https://github.com/advisories/GHSA-x7c8-4x3h-874w>
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11610>
> The XML-RPC server in supervisor before 3.0.1,
> 3.1.x before 3.1.4,
> 3.2.x before 3.2.4, and
> 3.3.x before 3.3.3 allows remote authenticated users to execute
> arbitrary commands via a crafted XML-RPC request, related to
> nested supervisord namespace lookups.