git: c57c61c1215a - main - security/vuxml: Document vulnerabilities in databases/mantis
Thomas Zander
riggs at FreeBSD.org
Sat Jul 10 12:52:48 UTC 2021
The branch main has been updated by riggs:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c57c61c1215a844e149bc064660734de05c1c888
commit c57c61c1215a844e149bc064660734de05c1c888
Author: Thomas Zander <riggs at FreeBSD.org>
AuthorDate: 2021-07-10 12:51:01 +0000
Commit: Thomas Zander <riggs at FreeBSD.org>
CommitDate: 2021-07-10 12:51:01 +0000
security/vuxml: Document vulnerabilities in databases/mantis
PR: 257068
Reported by: Zoltan ALEXANDERSON BESSE <zab at zltech.eu>
---
security/vuxml/vuln-2021.xml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index cf02f4375c60..6b3c968fe90e 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,39 @@
+ <vuln vid="9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3">
+ <topic>mantis -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mantis-php73</name>
+ <name>mantis-php74</name>
+ <name>mantis-php80</name>
+ <range><lt>2.25.2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mantis 2.25.1 and 2.25.2 releases report:</p>
+ <blockquote cite="https://mantisbt.org/bugs/changelog_page.php?version_id=362">
+ <p>Security and maintenance release, PHPMailer update to 6.5.0</p>
+ <ul>
+ <li>0028552: XSS in manage_custom_field_edit_page.php (CVE-2021-33557)</li>
+ <li>0028821: Update PHPMailer to 6.5.0 (CVE-2021-3603, CVE-2020-36326)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-33557</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33557</url>
+ <cvename>CVE-2021-3603</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3603</url>
+ <cvename>CVE-2020-36326</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36326</url>
+ </references>
+ <dates>
+ <discovery>2021-04-28</discovery>
+ <entry>2021-07-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="01974420-dfaf-11eb-ba49-001b217b3468">
<topic>Gitlab -- vulnerability</topic>
<affects>
More information about the dev-commits-ports-all
mailing list