Created attachment 241378
VuXML new entries for 20 vulnerable ports

A first batch of new VuXML entries for vulnerable ports discovered with pysec2vuxml (see https://github.com/HubTou/pysec2vuxml).
Others will follow this weekend.

Entries were verified with:
# cd /usr/ports/security/vuxml
# make validate
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e79c831d316e20f53599db90a6083a274d5426cd

commit e79c831d316e20f53599db90a6083a274d5426cd
Author:     Hubert Tournier <hubert.tournier@gmail.com>
AuthorDate: 2023-04-10 06:35:10 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2023-04-10 06:38:03 +0000

    security/vuxml: document 20 py*-* vulnerabilities

    Vulnerable Python ports discovered with pysec2vuxml.

    See also: <https://github.com/HubTou/pysec2vuxml>.
    PR: 270723

 security/vuxml/vuln/2023.xml | 598 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 598 insertions(+)
Committed. Thanks!
Thank you!

Here are the ports affected with their respective maintainers:

------------------------------------------------------------------------------------------------------
Vulns  Package     Port path                  Port name          Port version  Maintainer
------------------------------------------------------------------------------------------------------
2      rencode     converters/py-rencode      py39-rencode       1.0.6_1       python@FreeBSD.org
1      Elixir      databases/py-Elixir        py39-Elixir        0.7.1_3       nivit@FreeBSD.org
5      lmdb        databases/py-lmdb          py39-lmdb          0.97          k@stereochro.me
2      redis       databases/py-redis         py39-redis         3.5.3_1       sunpoet@FreeBSD.org
4      sqlalchemy  databases/py-sqlalchemy10  py39-sqlalchemy10  1.0.14        m.tsatsenko@gmail.com
4      sqlalchemy  databases/py-sqlalchemy11  py39-sqlalchemy11  1.1.18        sunpoet@FreeBSD.org
2      sqlalchemy  databases/py-sqlalchemy12  py39-sqlalchemy12  1.2.19        sunpoet@FreeBSD.org
2      celery      devel/py-celery            py39-celery        4.4.7         olgeni@FreeBSD.org
1      configobj   devel/py-configobj         py39-configobj     5.0.6_1       nivit@FreeBSD.org
2      joblib      devel/py-joblib            py39-joblib        1.1.0         skreuzer@FreeBSD.org
2      py          devel/py-py                py39-py            1.11.0        python@FreeBSD.org
1      sentry-sdk  devel/py-sentry-sdk        py39-sentry-sdk    1.5.12        0mp@FreeBSD.org
1      setuptools  devel/py-setuptools        py39-setuptools    63.1.0        python@FreeBSD.org
1      setuptools  devel/py-setuptools44      py27-setuptools44  44.1.1        python@FreeBSD.org
1      setuptools  devel/py-setuptools58      py39-setuptools58  58.5.3_2      python@FreeBSD.org
1      pycares     dns/py-pycares             py39-pycares       4.1.2         demon@FreeBSD.org
1      unicorn     emulators/py-unicorn       py39-unicorn       1.0.2         antoine@FreeBSD.org
1      OWSLib      graphics/py-OWSLib         py39-OWSLib        0.28.0        lbartoletti@FreeBSD.org
1      cinder      misc/py-cinder             py39-cinder        12.0.10_22    sunpoet@FreeBSD.org
======================================================================================================
Python packages's FreeBSD ports = 4115
vulnerable ports                = 42 (15 in this batch)
vulnerable ports/version        = 47 (19 in this batch)
vulnerabilities                 = 142 (35 in this batch)
withdrawn vulnerabilities       = 0
------------------------------------------------------------------------------------------------------

I'm continuing to convert the findings into new entries...