269655 – security/vuxml: document CVE-2023-22490 and CVE-2023-23946 for devel/git, www/gitlab-ce, …

Bug 269655 - security/vuxml: document CVE-2023-22490 and CVE-2023-23946 for devel/git, www/gitlab-ce, …

Summary: security/vuxml: document CVE-2023-22490 and CVE-2023-23946 for devel/git, www...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Renato Botelho

URL:	https://about.gitlab.com/releases/202...
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2023-02-18 14:59 UTC by Graham Perrin
Modified:	2023-02-21 11:39 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Graham Perrin freebsd_committer

2023-02-18 14:59:39 UTC

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22490>

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23946>

Comment 1 Fernando Apesteguía freebsd_committer

2023-02-20 07:20:53 UTC

^Triage: reporter is committer, assign accordingly

Comment 2 Matthias Fechner freebsd_committer

2023-02-20 08:14:36 UTC

Gitlab is only indirectly effected by this, but if you like, you can add an entry for it.
But it should be enough to document the vulnerability in git.

Comment 3 Fernando Apesteguía freebsd_committer

2023-02-20 21:32:04 UTC

Reassigning to committer who opened the issue.

Comment 4 commit-hook freebsd_committer

2023-02-21 11:38:07 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=945cff6a567218c48af80522dcd17c2056186b65

commit 945cff6a567218c48af80522dcd17c2056186b65
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2023-02-21 11:34:11 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2023-02-21 11:37:19 +0000

    security/vuxml: Document recent git CVEs

    Document CVEs fixed by devel/git 2.39.1 and 2.39.2:

    CVE-2022-41903
    CVE-2022-23521
    CVE-2023-22490
    CVE-2023-23946
    PR:             269655
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 security/vuxml/vuln/2023.xml | 146 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)