From nobody Mon Apr 10 18:33:13 2023
X-Original-To: python@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PwHfN33vVz44d35
	for <python@mlmmj.nyi.freebsd.org>; Mon, 10 Apr 2023 18:33:16 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4PwHfM4Mpdz3wjV
	for <python@FreeBSD.org>; Mon, 10 Apr 2023 18:33:15 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1681151595;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qHjN6Uwt0gkWuoNG5gMhL80qfuFpKg5bsEc0j6dBw4E=;
	b=xRR/XaeUrj7FNdlQGJ6X3U2fkWJdvKQpMEMRQo30Mm+Dd6D/DnHD4ieb7nfrrYamrd6WTL
	MnNRZR91w0JI1bdfyzBj6mAPp05OXcM5x3pIfPHx8SK+n+coH37UkpDupbNPwiHCSfXaBS
	x4BnSYgVD8Atq1efWpqrs9FOI1m/JcP21QhjHETCmVl5IHAQgM3TkUsOT2GUupMafvUeVu
	EBb7ZTpG1odF8WJlCbOKmf/FbDaCMmcHo8fC1j6Q5447W7On6lB+uidosOWJ+sQmbnthOM
	xyBxkle/UMUjtC94JNMeh4nc2pv2CP+3picCHjLBs2nUgGQwU4pKuVNSVLN6ug==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1681151595; a=rsa-sha256; cv=none;
	b=XlZ3s9d8xwfBcLQLtHTRuZQikBbVrcb/W04HzfdtCd2O6//kr8Q4SkkxMF86n8vCc72Eqr
	6E/YwZXmHrn72m9Psei+MwsYd27jpmYuLQDQb9Nis6JIRDiCVpu4RTEdpljHc5RPJJaHLY
	8tJ6jfmeRd6w+5SaQwNkcgnTU13cs8PpsotcTftmtDBIe94+OMTCgeRIR/xmjdMxmkLqXT
	jEr2eRE4e4NhmXcG7YtCE03F4gr2kBBlWLK2d95JGJvyToxluZMMFfzicAEK3pQPMqPL1N
	hV1kaitQWMKAVQ+Y6VULMCyOLae0yE+S45g0Lk/VOKyJsT7kqe+zWbgsJqTxVQ==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PwHfM3TQMz11Nf
	for <python@FreeBSD.org>; Mon, 10 Apr 2023 18:33:15 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 33AIXF4K034469
	for <python@FreeBSD.org>; Mon, 10 Apr 2023 18:33:15 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 33AIXFfo034468
	for python@FreeBSD.org; Mon, 10 Apr 2023 18:33:15 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: python@FreeBSD.org
Subject: [Bug 270744] 20 VuXML new entries for vulnerable ports
Date: Mon, 10 Apr 2023 18:33:13 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: hubert.tournier@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 bug_file_loc op_sys bug_status keywords bug_severity priority component
 assigned_to reporter cc attachments.created
Message-ID: <bug-270744-21822@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: FreeBSD-specific Python issues <freebsd-python.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-python
List-Help: <mailto:python+help@freebsd.org>
List-Post: <mailto:python@freebsd.org>
List-Subscribe: <mailto:python+subscribe@freebsd.org>
List-Unsubscribe: <mailto:python+unsubscribe@freebsd.org>
Sender: owner-freebsd-python@freebsd.org
X-BeenThere: freebsd-python@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270744

            Bug ID: 270744
           Summary: 20 VuXML new entries for vulnerable ports
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/HubTou/pysec2vuxml
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: hubert.tournier@gmail.com
                CC: 0mp@FreeBSD.org, amzo1337@gmail.com,
                    contato@kanazuchi.com, dvl@FreeBSD.org,
                    philip@FreeBSD.org, ports-secteam@FreeBSD.org,
                    ports@FreeBSD.org, python@FreeBSD.org,
                    sunpoet@FreeBSD.org, swills@FreeBSD.org,
                    yuri@freebsd.org
                CC: ports-secteam@FreeBSD.org

Created attachment 241403
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D241403&action=
=3Dedit
20 VuXML new entries for vulnerable ports

A second batch of new VuXML entries for vulnerable ports discovered with
pysec2vuxml (see https://github.com/HubTou/pysec2vuxml).

Others will follow as soon as possible.

Entries were verified with:
# cd /usr/ports/security/vuxml
# make validate

Here are the ports affected with their respective maintainers:

---------------------------------------------------------------------------=
----------------------------------
Vulns Package           Port path                 Port name              Po=
rt
version Maintainer=20=20=20=20=20=20=20=20=20=20=20=20=20
---------------------------------------------------------------------------=
----------------------------------
2     cinder            misc/py-cinder            py39-cinder=20=20=20=20=
=20=20=20=20=20=20=20
12.0.10_22   sunpoet@FreeBSD.org=20=20=20=20
2     tflite            misc/py-tflite            py39-tflite            2.=
3.0=20
      yuri@FreeBSD.org=20=20=20=20=20=20=20
2     impacket          net/py-impacket           py39-impacket=20=20=20=20=
=20=20=20=20=20
0.9.17_1     contato@kanazuchi.com=20=20
1     suds              net/py-suds               py39-suds              1.=
1.2=20
      sunpoet@FreeBSD.org=20=20=20=20
1     slixmpp           net-im/py-slixmpp         py39-slixmpp           1.=
7.1=20
      0mp@FreeBSD.org=20=20=20=20=20=20=20=20
1     nicotine-plus     net-p2p/py-nicotine-plus  py39-nicotine-plus=20=20=
=20=20
3.2.0_1      ports@FreeBSD.org=20=20=20=20=20=20
1     pymatgen          science/py-pymatgen       py39-pymatgen=20=20=20=20=
=20=20=20=20=20
2022.7.19    yuri@FreeBSD.org=20=20=20=20=20=20=20
3     tensorflow        science/py-tensorflow     py39-tensorflow=20=20=20=
=20=20=20=20
2.9.1_5      amzo1337@gmail.com=20=20=20=20=20
2     cryptography      security/py-cryptography  py39-cryptography=20=20=
=20=20=20
3.4.8_1,1    sunpoet@FreeBSD.org=20=20=20=20
1     kerberos          security/py-kerberos      py39-kerberos          1.=
3.1=20
      dvl@FreeBSD.org=20=20=20=20=20=20=20=20
6     pysaml2           security/py-pysaml24      py39-pysaml24=20=20=20=20=
=20=20=20=20=20
4.9.0_1      sunpoet@FreeBSD.org=20=20=20=20
3     ansible           sysutils/ansible          py39-ansible           7.=
1.0=20
      0mp@FreeBSD.org=20=20=20=20=20=20=20=20
2     psutil            sysutils/py-psutil121     py39-psutil121=20=20=20=
=20=20=20=20=20
1.2.1_2      swills@FreeBSD.org=20=20=20=20=20
1     beaker            www/py-beaker             py39-beaker            1.=
12.1
      python@FreeBSD.org=20=20=20=20=20=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Python packages's FreeBSD ports =3D 4127
  vulnerable ports              =3D 41    (14 in this batch)
  vulnerable ports/version      =3D 46    (14 in this batch)
    vulnerabilities             =3D 140   (28 in this batch)
---------------------------------------------------------------------------=
----------------------------------

--=20
You are receiving this mail because:
You are on the CC list for the bug.=