Bug 255552

Summary: security/vuxml: Document command injection vulnerability in RDoc
Product: Ports & Packages Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)Assignee: Koichiro Iwao <meta>
Status: Closed FIXED    
Severity: Affects Only Me CC: meta
Priority: --- Flags: bugzilla: maintainer-feedback? (ports-secteam)
Version: Latest   
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 255553    
Attachments:
Description Flags
Patch file
none
Updated patch file none

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-02 20:07:20 UTC 
Created attachment 224615 [details]
Patch file

Document command injection vulnerability in RDoc.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-03 11:47:40 UTC 
Created attachment 224628 [details]
Updated patch file

Chase update of ports tree.
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-05-03 14:04:55 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4689236288cc83f50bf133cd253dcc58ce61ad54

commit 4689236288cc83f50bf133cd253dcc58ce61ad54
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2021-05-03 13:59:52 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2021-05-03 13:59:52 +0000

    security/vuxml: Document command injection vulnerability in RDoc

    PR:             255552
    Reported by:    Yasuhiro Kimura <yasu@utahime.org>
    Security:       CVE-2021-31799

 security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 Koichiro Iwao freebsd_committer freebsd_triage 2021-05-03 14:14:42 UTC 
Committed, thanks!