Bug 278642 - security/vuxml: references 2 CVE for www/glpi < 10.0.15
Summary: security/vuxml: references 2 CVE for www/glpi < 10.0.15
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Philip Paeps
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-28 19:51 UTC by Mathias Monnerville
Modified: 2024-04-29 10:49 UTC (History)
3 users (show)

See Also:

Attachments
CVE entry affecting glpi < 10.0.15 (1.33 KB, patch)
2024-04-28 19:51 UTC, Mathias Monnerville 		mathias: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mathias Monnerville 2024-04-28 19:51:48 UTC 
Created attachment 250287 [details]
CVE entry affecting glpi < 10.0.15

Related to the update to www/glpi to 10.0.15:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278641

This patch includes one vuln entry referencing CVE-2024-31456 and CVE-2024-29889 fixed in GLPI 10.0.15.
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-04-29 10:43:30 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fc8db0625d9084fe6207904c4f91b48d986994ca

commit fc8db0625d9084fe6207904c4f91b48d986994ca
Author:     Mathias Monnerville <mathias@monnerville.com>
AuthorDate: 2024-04-28 19:51:00 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2024-04-29 10:39:04 +0000

    security/vuxml: CVEs affecting www/glpi < 10.0.15

    CVE-2024-31456 and CVE-2024-29889 were fixed in GLPI 10.0.15.

    PR:             278641
    PR:             278642

 security/vuxml/vuln/2024.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 2 Philip Paeps freebsd_committer freebsd_triage 2024-04-29 10:49:41 UTC 
Thank you!