274159 – security/vuxml: krb5-1.20 is not vulnerable to CVE-2023-39975

Bug 274159 - security/vuxml: krb5-1.20 is not vulnerable to CVE-2023-39975

Summary: security/vuxml: krb5-1.20 is not vulnerable to CVE-2023-39975

Status:	New

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ports Security Team

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-09-29 18:00 UTC by Garrett Wollman
Modified:	2024-02-15 18:49 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (cy)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Garrett Wollman freebsd_committer

2023-09-29 18:00:33 UTC

`pkg audit` erroneously reports krb5-1.20.2 as vulnerable to CVE-2023-39975 but this applies only to 1.21 and higher.

Fix: adjust VuXML entry a6986f0f-3ac0-11ee-9a88-206a8a720317 to exclude krb5 < 1.21.

Comment 1 Garrett Wollman freebsd_committer

2024-02-15 18:49:18 UTC

Hello, is anyone actually monitoring bugzilla any more?