Bug 281738 - security/vuxml add entry for expat < 2.6.3
Summary: security/vuxml add entry for expat < 2.6.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Fernando Apesteguía
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-27 05:51 UTC by FiLiS
Modified: 2024-09-27 08:44 UTC (History)
1 user (show)

See Also:
fernape: maintainer-feedback+

Attachments
add vuxml entry for expat < 2.6.3 (2.03 KB, patch)
2024-09-27 05:51 UTC, FiLiS 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description FiLiS freebsd_committer freebsd_triage 2024-09-27 05:51:58 UTC 
Created attachment 253843 [details]
add vuxml entry for expat < 2.6.3

the latest textproc/expat2 update fixed 3 vulnerabilities (CVE-2024-45490
CVE-2024-45491, CVE-2024-45492) which weren't added to vuxml
I hope the attached patch is correct and fixes this. :)
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-09-27 08:43:39 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=47955717fc531fc03406f32b1c6737e9d57dac1b

commit 47955717fc531fc03406f32b1c6737e9d57dac1b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-09-27 07:57:42 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-09-27 08:42:19 +0000

    security/vuxml: Add textproc/expat2 vulnerabilities

    CVE-2024-45490
    CVE-2024-45491
    CVE-2024-45492

    PR:             281738
    Reported by:    FiLiS <freebsdbugs@filis.org>

 security/vuxml/vuln/2024.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2024-09-27 08:44:08 UTC 
Committed,

Thanks!