Bug 264782

Summary: security/vuxml: add CVE entries related to www/mitmproxy
Product: Ports & Packages Reporter: Hung-Yi Chen <gaod>
Component: Individual Port(s)Assignee: Li-Wen Hsu <lwhsu>
Status: Closed FIXED    
Severity: Affects Only Me CC: lwhsu, ports-secteam
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
Bug Depends on:    
Bug Blocks: 264426    
Attachments:
Description Flags
add CVE entries related to www/mitmproxy none

Description Hung-Yi Chen 2022-06-20 08:27:20 UTC 
Created attachment 234809 [details]
add CVE entries related to www/mitmproxy

* CVE-2022-24766, https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
Comment 1 p5B2EA84B3 2022-06-20 13:47:07 UTC 
I do not see any sense creating a block to PR 264426
Please focus on upgrading the mitmproxy port in a timely manner, please!
Comment 2 Li-Wen Hsu freebsd_committer freebsd_triage 2022-06-20 13:52:32 UTC 
(In reply to p5B2EA84B3 from comment #1)
This is for committing (pushing) the vuxml and updating the port for a preferred order. We firstly create a vuxml entry, then put the vuln id in the commit message of updating mitmproxy. Yes this is listed as blocking issue, but it can be solved trivially.  We can of course commit and push it anytime, but it doesn't make much sense without updating mitmproxy in the same time. Yes people are focusing on updating mitmproxy so that we can update things together. If possible, you can join the effort on updating it or support the work in any kind of approaches, all of them will be a great help.
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-06-20 14:10:58 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e6fdd8b6c34ba8a5b747cbbf35b252d934b75785

commit e6fdd8b6c34ba8a5b747cbbf35b252d934b75785
Author:     Hung-Yi Chen <gaod@hychen.org>
AuthorDate: 2022-06-20 14:07:06 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2022-06-20 14:09:26 +0000

    security/vuxml: Add CVE-2022-24766 for www/mitmproxy

    PR:             264782

 security/vuxml/vuln-2022.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2022-06-20 23:31:31 UTC 
(In reply to p5B2EA84B3 from comment #1)

Blocked just means that in order to consider the blocked issue 'resolved', the blocking issue must also be resolved.