269147 – security/vuxml: document CVE-2018-21232 for devel/re2c < 2.0

Bug 269147 - security/vuxml: document CVE-2018-21232 for devel/re2c < 2.0

Summary: security/vuxml: document CVE-2018-21232 for devel/re2c < 2.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Nuno Teixeira

URL:	https://github.com/advisories/GHSA-pg...
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2023-01-25 07:22 UTC by Graham Perrin
Modified:	2023-01-25 08:16 UTC (History)
CC List:	3 users (show)

See Also:	257966 re2c-3.0

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Graham Perrin freebsd_committer

2023-01-25 07:22:45 UTC

As far as I can tell, this was fixed with <https://cgit.freebsd.org/ports/commit/?id=2bf3900fc8bfca9c896d6d844e336663a40fbfa9>, however there's no sign of a former vulnerability at 
<https://www.freshports.org/devel/re2c/>.

Comment 1 commit-hook freebsd_committer

2023-01-25 08:14:45 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1e6f41078eae790b4bf937e6a78c2f4c74bdda24

commit 1e6f41078eae790b4bf937e6a78c2f4c74bdda24
Author:     Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2023-01-25 08:11:56 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2023-01-25 08:11:56 +0000

    security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0

    PR:             269147
    Reported by:    grahamperrin

 security/vuxml/vuln/2023.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

Comment 2 Nuno Teixeira freebsd_committer

2023-01-25 08:16:30 UTC

Committed, thanks!