Bug 278642

Summary: security/vuxml: references 2 CVE for www/glpi < 10.0.15
Product: Ports & Packages Reporter: Mathias Monnerville <mathias>
Component: Individual Port(s)Assignee: Philip Paeps <philip>
Status: Closed FIXED    
Severity: Affects Many People CC: mathias, philip, ports-secteam
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
CVE entry affecting glpi < 10.0.15 mathias: maintainer-approval+

Description Mathias Monnerville 2024-04-28 19:51:48 UTC 
Created attachment 250287 [details]
CVE entry affecting glpi < 10.0.15

Related to the update to www/glpi to 10.0.15:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278641

This patch includes one vuln entry referencing CVE-2024-31456 and CVE-2024-29889 fixed in GLPI 10.0.15.
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-04-29 10:43:30 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fc8db0625d9084fe6207904c4f91b48d986994ca

commit fc8db0625d9084fe6207904c4f91b48d986994ca
Author:     Mathias Monnerville <mathias@monnerville.com>
AuthorDate: 2024-04-28 19:51:00 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2024-04-29 10:39:04 +0000

    security/vuxml: CVEs affecting www/glpi < 10.0.15

    CVE-2024-31456 and CVE-2024-29889 were fixed in GLPI 10.0.15.

    PR:             278641
    PR:             278642

 security/vuxml/vuln/2024.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 2 Philip Paeps freebsd_committer freebsd_triage 2024-04-29 10:49:41 UTC 
Thank you!