| Summary: | security/vuxml: 18 new entries for vulnerable ports | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Hubert Tournier <hubert.tournier> |
| Component: | Individual Port(s) | Assignee: | Kai Knoblich <kai> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | ale, contact, grahamperrin, kai, meka, nivit, philip, ports, rt, skreuzer, sunpoet, ultima, wen |
| Priority: | Normal | Keywords: | security |
| Version: | Latest | Flags: | kai: maintainer-feedback+ |
| Hardware: | Any | | |
| OS: | Any | | |
| URL: | https://github.com/HubTou/pysec2vuxml | | |
Description
Hubert Tournier
2023-04-19 00:23:21 UTC
@ports-secteam: Are any of you working on this? If not, I'd like to shepherd the patch into the Ports tree.

I don't think anyone is looking at this one. Go for it!

Thank you.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8862a8fe47b89e74fb40d1cd003f254f817c7290

commit 8862a8fe47b89e74fb40d1cd003f254f817c7290
Author: Hubert Tournier <hubert.tournier@gmail.com>
AuthorDate: 2023-08-31 11:13:29 +0000
Commit: Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2023-08-31 11:13:29 +0000

    security/vuxml: Document 18 py*-* vulnerabilities

    Vulnerable Python ports discovered with pysec2vuxml.

    See also: <https://github.com/HubTou/pysec2vuxml>.

    PR: 270923
    Co-Authored by: kai

 security/vuxml/vuln/2023.xml | 607 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 607 insertions(+)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1bdf5449997cb2ab330504f221f3c5d4b83cab17

commit 1bdf5449997cb2ab330504f221f3c5d4b83cab17
Author: Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2023-08-31 11:18:01 +0000
Commit: Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2023-08-31 11:18:01 +0000

    textproc/py-dparse: Update to 0.6.3

    * Add CPE related entries
    * Introduce CONDA option to reflect the settings as defined in "setup.py"
    * Simplify Makefile by switching to USE_PYTHON=pytest

    Changelog since 0.5.1:
    https://github.com/pyupio/dparse/compare/0.5.1...0.6.3

    PR: 270923 [1]
    Reported by: Hubert Tournier [1]
    MFH: 2023Q3
    Security: 83b29e3f-886f-439f-b9a8-72e014479ff9

 textproc/py-dparse/Makefile | 32 +++++++++++++++++++-------------
 textproc/py-dparse/distinfo | 6 +++---
 2 files changed, 22 insertions(+), 16 deletions(-)

A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a05ad943d3212db0eccfa10137eb2ef984c058db

commit a05ad943d3212db0eccfa10137eb2ef984c058db
Author: Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2023-08-31 11:18:01 +0000
Commit: Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2023-08-31 11:23:53 +0000

    textproc/py-dparse: Update to 0.6.3

    * Add CPE related entries
    * Introduce CONDA option to reflect the settings as defined in "setup.py"
    * Simplify Makefile by switching to USE_PYTHON=pytest

    Changelog since 0.5.1:
    https://github.com/pyupio/dparse/compare/0.5.1...0.6.3

    PR: 270923 [1]
    Reported by: Hubert Tournier [1]
    MFH: 2023Q3
    Security: 83b29e3f-886f-439f-b9a8-72e014479ff9

    (cherry picked from commit 1bdf5449997cb2ab330504f221f3c5d4b83cab17)

 textproc/py-dparse/Makefile | 32 +++++++++++++++++++-------------
 textproc/py-dparse/distinfo | 6 +++---
 2 files changed, 22 insertions(+), 16 deletions(-)

(In reply to Hubert Tournier from comment #0)

Committed, thanks for the entries and CC'ing the maintainers!

Unfortunately, quite some time has passed, so I have adjusted the entry dates accordingly to match reality.

I also noticed that exactly one character was missing from the entry with the VID c2c89dea-2859-4231-8f3b-12be0d475ff. I have padded this with a leading zero:

> c2c89dea-2859-4231-8f3b-12be0d475ff -> c2c89dea-2859-4231-8f3b-012be0d475ff

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f58017fbbf3f23ae9073f0202fb3758ec5d0f0a5

commit f58017fbbf3f23ae9073f0202fb3758ec5d0f0a5
Author: Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2023-09-03 07:59:25 +0000
Commit: Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2023-09-03 07:59:25 +0000

    textproc/py-markdown2: Update to 2.4.10

    * Introduce SYNTAX and WAVEDROM options to reflect the settings in setup.py accordingly.
    * Make the port concurrent safe as it installs a script outside of Python's site-lib directory.
    * Update WWW as the repository has moved to a new location.
    * Hook up the test suite.

    Changelog since 2.3.6:
    https://github.com/trentm/python-markdown2/compare/2.3.6...2.4.10

    PR: 273513, 270923 [1]
    Reported by: Hubert Tournier [1]
    Approved by: wen (maintainer)
    MFH: 2023Q3
    Security: c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9 [1]
              cf6f3465-e996-4672-9458-ce803f29fdb7 [1]

 textproc/py-markdown2/Makefile | 25 +++++++++++++++++++++----
 textproc/py-markdown2/distinfo | 6 +++---
 2 files changed, 24 insertions(+), 7 deletions(-)

A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7cac28e6977bfded94c707a0f09cf8ecb7344da0

commit 7cac28e6977bfded94c707a0f09cf8ecb7344da0
Author: Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2023-09-03 07:59:25 +0000
Commit: Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2023-09-03 08:20:24 +0000

    textproc/py-markdown2: Update to 2.4.10

    * Introduce SYNTAX and WAVEDROM options to reflect the settings in setup.py accordingly.
    * Make the port concurrent safe as it installs a script outside of Python's site-lib directory.
    * Update WWW as the repository has moved to a new location.
    * Hook up the test suite.

    Changelog since 2.3.6:
    https://github.com/trentm/python-markdown2/compare/2.3.6...2.4.10

    PR: 273513, 270923 [1]
    Reported by: Hubert Tournier [1]
    Approved by: wen (maintainer)
    MFH: 2023Q3
    Security: c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9 [1]
              cf6f3465-e996-4672-9458-ce803f29fdb7 [1]

    (cherry picked from commit f58017fbbf3f23ae9073f0202fb3758ec5d0f0a5)

 textproc/py-markdown2/Makefile | 25 +++++++++++++++++++++----
 textproc/py-markdown2/distinfo | 6 +++---
 2 files changed, 24 insertions(+), 7 deletions(-)
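
A pre-commit check for the kind of malformed VID mentioned in the committer's comment above, as an added example that is not part of pysec2vuxml or the Ports tree: it parses `<vuln vid="...">` entries and reports VIDs that do not have the 8-4-4-4-12 hexadecimal shape, plus duplicates. The sample document, its placeholder VIDs, and the function names `explain` and `check_vids` are constructed for illustration; only the 35-character VID is taken from the comment.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Canonical VID shape: five hyphen-separated hex groups of 8-4-4-4-12 digits.
VID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
GROUP_LENGTHS = (8, 4, 4, 4, 12)

# Constructed sample: minimal <vuln> entries wrapped in a root element.
# The second vid is the short value quoted in the comment; the first and
# third are placeholder VIDs, deliberately duplicated.
SAMPLE = """<vuxml>
  <vuln vid="00000000-0000-0000-0000-000000000001"><topic>a</topic></vuln>
  <vuln vid="c2c89dea-2859-4231-8f3b-12be0d475ff"><topic>b</topic></vuln>
  <vuln vid="00000000-0000-0000-0000-000000000001"><topic>c</topic></vuln>
</vuxml>"""


def explain(vid):
    """Return a reason string when vid is malformed, else None."""
    if VID_RE.match(vid):
        return None
    groups = vid.split("-")
    if len(groups) != len(GROUP_LENGTHS):
        return f"expected 5 hyphen-separated groups, found {len(groups)}"
    for index, (group, want) in enumerate(zip(groups, GROUP_LENGTHS), start=1):
        if len(group) != want:
            return f"group {index} has {len(group)} characters, expected {want}"
    return "contains non-hexadecimal characters"


def check_vids(xml_text):
    """Return (vid, problem) pairs for malformed or duplicated vids."""
    root = ET.fromstring(xml_text)
    # Match on the local tag name so a namespaced document also works.
    vids = [el.get("vid", "") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "vuln"]
    findings = [(vid, reason) for vid in vids if (reason := explain(vid))]
    # VIDs are compared case-insensitively when looking for duplicates.
    counts = Counter(v.lower() for v in vids)
    findings += [(vid, f"appears {n} times") for vid, n in counts.items() if n > 1]
    return findings


if __name__ == "__main__":
    for vid, problem in check_vids(SAMPLE):
        print(f"{vid}: {problem}")
```
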