Bug 255552 - security/vuxml: Document command injection vulnerability in RDoc
Summary: security/vuxml: Document command injection vulnerability in RDoc
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Koichiro Iwao
URL:
Keywords:
Depends on:
Blocks: 255553
  Show dependency treegraph
 
Reported: 2021-05-02 20:07 UTC by Yasuhiro Kimura
Modified: 2021-05-03 14:14 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Patch file (1.93 KB, patch)
2021-05-02 20:07 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.95 KB, patch)
2021-05-03 11:47 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2021-05-02 20:07:20 UTC
Created attachment 224615 [details]
Patch file

Document command injection vulnerability in RDoc.
Comment 1 Yasuhiro Kimura 2021-05-03 11:47:40 UTC
Created attachment 224628 [details]
Updated patch file

Chase update of ports tree.
Comment 2 commit-hook freebsd_committer 2021-05-03 14:04:55 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4689236288cc83f50bf133cd253dcc58ce61ad54

commit 4689236288cc83f50bf133cd253dcc58ce61ad54
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2021-05-03 13:59:52 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2021-05-03 13:59:52 +0000

    security/vuxml: Document command injection vulnerability in RDoc

    PR:             255552
    Reported by:    Yasuhiro Kimura <yasu@utahime.org>
    Security:       CVE-2021-31799

 security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 Koichiro Iwao freebsd_committer 2021-05-03 14:14:42 UTC
Committed, thanks!