Bug 270230

Summary:

security/vuxml: CVE-2023-25690 and CVE-2023-27522: linked page: 404, not found

Product:

Ports & Packages

Reporter:

Graham Perrin <grahamperrin>

Component:

Individual Port(s)

Assignee:

Ports Security Team <ports-secteam>

Status:

Open ---

Severity:

Affects Some People

CC:

grahamperrin, i.dani, michael.glaus

Priority:

---

Flags:

bugzilla: maintainer-feedback? (ports-secteam)

Version:

Latest

Hardware:

Any

OS:

Any

URL:

https://github.com/grahamperrin/freebsd-ports/commit/5b8077cf76862715de1c5015386ff297f1415f8e

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270037

Attachments:

Description	Flags
Remove empty cvname tag	none

Description Graham Perrin freebsd_committer

2023-03-15 00:17:16 UTC

Bug 270037 is fixed, and <https://www.freshports.org/vuxml.php?package=apache24> leads to <https://www.freshports.org/vuxml.php?vid=00919005-96a3-11ed-86e9-d4c9ef517024%7C0c2db2aa-5584-11e7-9a7d-b499baebfeaf%7C25b78bdd-25b8-11ec-a341-d4c9ef517024%7C4364e1f1-0f44-11e4-b090-20cf30e32f6d%7C457ce015-67fa-11e7-867f-b499baebfeaf%7C49adfbe5-e7d1-11ec-8fbd-d4c9ef517024%7C5804b9d4-a959-11e4-9363-20cf30e32f6d%7C6601c08d-a46c-11ec-8be6-d4c9ef517024%7C76700d2f-d959-11ea-b53c-d4c9ef517024%7C76b085e2-9d33-11e7-9260-000c292ee6b8%7C862d6ab3-c75e-11e6-9f98-20cf30e32f6d%7C882a38f9-17dd-11ec-b335-d4c9ef517024%7C8b1a50ab-8a8e-11e8-add2-b499baebfeaf%7C8edeb3c1-bfe7-11ed-96f5-3497f65b111b%7C91ecb546-b1e6-11e3-980f-20cf30e32f6d%7Ca12494c1-2af4-11e5-86ff-14dae9d210b8%7Cb360b120-74b1-11ea-a84a-4c72b94353b5%7Cca4d63fb-f15c-11e2-b183-20cf30e32f6d%7Cca982e2d-61a9-11ec-8be6-d4c9ef517024%7Ccaf545f2-c0d9-11e9-9051-4c72b94353b5%7Ccb0bf1ec-bb92-11e6-a9a5-b499baebfeaf%7Ccce76eca-ca16-11eb-9b84-d4c9ef517024%7Ccf2105c6-551b-11e9-b95c-b499baebfeaf%7Cd001c189-2793-11ec-8fb1-206a8a720317%7Ce182c076-c189-11e8-a6d2-b499baebfeaf%7Ce9d1e040-42c9-11e6-9608-20cf30e32f6d%7Ceb888ce5-1f19-11e9-be05-4c72b94353b5%7Cf38187e7-2f6e-11e8-8f07-b499baebfeaf>, but then, to the left of CVE-2023-27522 and CVE-2023-25690, the link to <https://www.vuxml.org/freebsd/8edeb3c1-bfe7-11ed-96f5-3497f65b111b.html> results in:

> 404 Not Found

Comment 1 Michael Glaus 2023-03-21 09:08:25 UTC

Created attachment 241033 [details]
Remove empty cvname tag

I noticed that the entry for jenkins vulnerabilities from 2023-03-09 included a empty <cvename> tag. Maybe this causes a problem during parsing of the file.

https://cgit.freebsd.org/ports/commit/?id=ef50a6277496459f96eff8bb96287995511ad5d4

The attached file contains a patch to remove the empty <cvename> tag.