Bug 269147

Summary: security/vuxml: document CVE-2018-21232 for devel/re2c < 2.0
Product: Ports & Packages
Reporter: Graham Perrin <grahamperrin>
Component: Individual Port(s)
Assignee: Nuno Teixeira <eduardo>
Status: Closed FIXED
Severity: Affects Many People
CC: chalpin, eduardo, ports-secteam
Priority: Normal
Keywords: needs-patch, security
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/advisories/GHSA-pgr8-gpgg-9j5m
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257966
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269146

Description Graham Perrin freebsd_committer freebsd_triage 2023-01-25 07:22:45 UTC
As far as I can tell, this was fixed with <https://cgit.freebsd.org/ports/commit/?id=2bf3900fc8bfca9c896d6d844e336663a40fbfa9>, however there's no sign of a former vulnerability at <https://www.freshports.org/devel/re2c/>.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-01-25 08:14:45 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1e6f41078eae790b4bf937e6a78c2f4c74bdda24

commit 1e6f41078eae790b4bf937e6a78c2f4c74bdda24
Author:     Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2023-01-25 08:11:56 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2023-01-25 08:11:56 +0000

    security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0

    PR:             269147
    Reported by:    grahamperrin

 security/vuxml/vuln/2023.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 2 Nuno Teixeira freebsd_committer freebsd_triage 2023-01-25 08:16:30 UTC
Committed, thanks!