Created attachment 247481
patch for vuxml entry

Mantis version <2.25.8 is affected by some security issues
CVEs: CVE-2023-29197 and CVE-2023-44394

Testing the patch:

[16:35 pkg01 dan ~/ports/head/security/vuxml] % make validate
xmllint -noent /usr/home/dan/ports/head/security/vuxml/vuln.xml > /usr/home/dan/ports/head/security/vuxml/vuln-flat.xml
/bin/sh /usr/home/dan/ports/head/security/vuxml/files/tidy.sh "/usr/home/dan/ports/head/security/vuxml/files/tidy.xsl" "/usr/home/dan/ports/head/security/vuxml/vuln-flat.xml" > "/usr/home/dan/ports/head/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/dan/ports/head/security/vuxml/vuln-flat.xml
warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt'
warning : xmlAddEntity: invalid redeclaration of predefined entity 'amp'
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.9 /usr/home/dan/ports/head/security/vuxml/files/extra-validation.py /usr/home/dan/ports/head/security/vuxml/vuln-flat.xml
[16:35 pkg01 dan ~/ports/head/security/vuxml] %

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=facd1dc023724ea1abd483840d1adf31aedf204c

commit facd1dc023724ea1abd483840d1adf31aedf204c
Author:     Dan Langille <dvl@FreeBSD.org>
AuthorDate: 2024-01-06 16:41:52 +0000
Commit:     Dan Langille <dvl@FreeBSD.org>
CommitDate: 2024-01-06 16:44:06 +0000

    security/vuxml: add databases/mantis-php* < 2.25.8

    Obtained from https://mantisbt.org/bugs/changelog_page.php?version_id=370

    PR: 276146

 security/vuxml/vuln/2024.xml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)